From e10d25b4c3109347a43a729f8c098138272fe1e7 Mon Sep 17 00:00:00 2001 From: CarlGill Date: Mon, 5 Sep 2016 21:28:05 -0400 Subject: Added support for CloudFlares Proxy. Included a checkbox to enable and disable this feature when CloudeFlare type is selected. Included proxied variable in the update script as well. Defaults to false, as the is the current functionality Added help text Updated Last tested date Hope this helps other people. I use both dynDNS and the Proxy service. And by default without this feature, the proxy gets disabled. This is a huge problem, as I have all traffic blocked except for CloudFlare. And because I have certain other security features enabled, when the Proxy goes disabled, The Site goes down hard to end users. With this feature, I can ensure the proxy stays enabled. --- src/usr/local/www/services_dyndns_edit.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php index 060d624..fbc9807 100644 --- a/src/usr/local/www/services_dyndns_edit.php +++ b/src/usr/local/www/services_dyndns_edit.php @@ -64,6 +64,7 @@ if (isset($id) && isset($a_dyndns[$id])) { $pconfig['enable'] = !isset($a_dyndns[$id]['enable']); $pconfig['interface'] = $a_dyndns[$id]['interface']; $pconfig['wildcard'] = isset($a_dyndns[$id]['wildcard']); + $pconfig['proxied'] = isset($a_dyndns[$id]['proxied']); $pconfig['verboselog'] = isset($a_dyndns[$id]['verboselog']); $pconfig['curl_ipresolve_v4'] = isset($a_dyndns[$id]['curl_ipresolve_v4']); $pconfig['curl_ssl_verifypeer'] = isset($a_dyndns[$id]['curl_ssl_verifypeer']); 
@@ -157,6 +158,7 @@ if ($_POST) { $dyndns['domainname'] = $_POST['domainname']; $dyndns['mx'] = $_POST['mx']; $dyndns['wildcard'] = $_POST['wildcard'] ? true : false; + $dyndns['proxied'] = $_POST['proxied'] ? true : false; $dyndns['verboselog'] = $_POST['verboselog'] ? true : false; $dyndns['curl_ipresolve_v4'] = $_POST['curl_ipresolve_v4'] ? true : false; $dyndns['curl_ssl_verifypeer'] = $_POST['curl_ssl_verifypeer'] ? true : false; @@ -322,6 +324,15 @@ $section->addInput(new Form_Checkbox( )); $section->addInput(new Form_Checkbox( + 'proxied', + 'CloudFlare Proxy', + 'Enable Proxy', + $pconfig['proxied'] +))->setHelp('Note: This enables CloudFlares Virtual DNS proxy. When Enabled it will route all traffic '. + 'through their servers. By Default this is disabled and your Real IP is exposed.'. + 'More info: CloudFlare Blog'); + +$section->addInput(new Form_Checkbox( 'verboselog', 'Verbose logging', 'Enable verbose logging', @@ -440,6 +451,7 @@ events.push(function() { hideInput('host', true); hideInput('mx', true); hideCheckbox('wildcard', true); + hideCheckbox('proxied', true); hideInput('zoneid', true); hideInput('ttl', true); break; @@ -455,6 +467,7 @@ events.push(function() { hideInput('host', false); hideInput('mx', false); hideCheckbox('wildcard', false); + hideCheckbox('proxied', true); hideInput('zoneid', false); hideInput('ttl', false); break; 
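Review bot: The help text added for the `proxied` checkbox in the `@@ -322,6 +324,15 @@` hunk joins `'... your Real IP is exposed.'` directly to `'More info: CloudFlare Blog'`, so the two sentences run together on the rendered page. Add a trailing space to the first literal, `'through their servers. By Default this is disabled and your Real IP is exposed. '.`. The text could also state what the commit description explains: while the box is unchecked, each dynamic update leaves the record unproxied.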
@@ -468,9 +481,24 @@ events.push(function() { hideInput('host', false); hideInput('mx', false); hideCheckbox('wildcard', false); + hideCheckbox('proxied', true); hideInput('zoneid', true); hideInput('ttl', true); break; + case "cloudflare-v6": + case "cloudflare": + hideGroupInput('domainname', true); + hideInput('resultmatch', true); + hideInput('updateurl', true); + hideInput('requestif', true); + hideCheckbox('curl_ipresolve_v4', true); + hideCheckbox('curl_ssl_verifypeer', true); + hideInput('host', false); + hideInput('mx', false); + hideCheckbox('wildcard', false); + hideCheckbox('proxied', false); + hideInput('zoneid', true); + hideInput('ttl', true); default: hideGroupInput('domainname', true); hideInput('resultmatch', true); @@ -481,6 +509,7 @@ events.push(function() { hideInput('host', false); hideInput('mx', false); hideCheckbox('wildcard', false); + hideCheckbox('proxied', true); hideInput('zoneid', true); hideInput('ttl', true); } -- cgit v1.1 From 7be23d53705ccbcee64d3236bf74b34c513da686 Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Wed, 21 Dec 2016 15:26:17 +0000 Subject: User Defined DUID User may define a DUID to use in System->Advanced->Networking. The entered DUID is validated for composition and length, if valid it is stored in the config.xml. On call of wan_dhcp6_configure() the DUID is written to file to be read by dhcp6c on launch. --- src/usr/local/www/system_advanced_network.php | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 06a4e2d..b453045 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php 
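Review bot: The new `case "cloudflare-v6": case "cloudflare":` block has no `break;` after its last `hideInput('ttl', true);`, so it falls through into `default:`. The following hunk adds `hideCheckbox('proxied', true);` to that default branch, which hides the checkbox again for the only provider types it is meant for. Per the commit description, a record left unproxied exposes the origin address, so the option being unreachable in the GUI matters. Add `break;` before `default:`. The `switch` starts outside the hunk.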
@@ -40,6 +40,7 @@ require_once("shaper.inc"); $pconfig['ipv6nat_enable'] = isset($config['diag']['ipv6nat']['enable']); $pconfig['ipv6nat_ipaddr'] = $config['diag']['ipv6nat']['ipaddr']; $pconfig['ipv6allow'] = isset($config['system']['ipv6allow']); +$pconfig['global-v6duid'] = $config['system']['global-v6duid']; $pconfig['prefer_ipv4'] = isset($config['system']['prefer_ipv4']); $pconfig['sharednet'] = $config['system']['sharednet']; $pconfig['disablechecksumoffloading'] = isset($config['system']['disablechecksumoffloading']); @@ -83,6 +84,18 @@ if ($_POST) { unset($config['system']['prefer_ipv4']); } + if (!empty($_POST['global-v6duid'])) { + $_POST['global-v6duid'] = strtolower(str_replace("-", ":", $_POST['global-v6duid'])); + if (!is_duid($_POST['global-v6duid'])) { + $input_errors[] = gettext("A valid DUID must be specified"); + } else { + $config['system']['global-v6duid'] = $_POST['global-v6duid']; + } + } + else { + unset($config['system']['global-v6duid']); + } + if ($_POST['sharednet'] == "yes") { $config['system']['sharednet'] = true; system_disable_arp_wrong_if(); @@ -186,6 +199,15 @@ $section->addInput(new Form_Checkbox( ))->setHelp('By default, if IPv6 is configured and a hostname resolves IPv6 and IPv4 addresses, '. 'IPv6 will be used. If this option is selected, IPv4 will be preferred over IPv6.'); +$section->addInput(new Form_Input( + 'global-v6duid', + 'DHCP6 DUID', + 'text', + $pconfig['global-v6duid'], + ['placeholder' => 'xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx'] + ))->setWidth(9)->sethelp('Enter the DUID to use here. Use this option if using RAM Disk, as the DUID will be lost on reboot. The existing DUID may be found in var/db/dhcp6_duid.' .'
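Review bot: The DUID check in the `@@ -83,6 +84,18 @@` hunk sits between statements that already change `$config`: the `prefer_ipv4` unset above it, and the `sharednet` branch with `system_disable_arp_wrong_if()` below it. It therefore appears to run in the apply phase rather than with the other input validation, though the enclosing block starts outside the hunk, so this needs confirming. If so, an invalid DUID adds to `$input_errors` while the rest of the form is still applied and the previous DUID stays in the config. The commit description says the value is later written to a file read by dhcp6c, so normalise it and call `is_duid()` with the other input checks, before any `$config` change. Only the assignment `$config['system']['global-v6duid'] = $_POST['global-v6duid'];` should remain here.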
' . + 'NOTE: Do not use this option with multiple DHCP6 interfaces.'); + $form->add($section); $section = new Form_Section('Network Interfaces'); -- cgit v1.1 From aff01dbd97c10731b98bc70c32ac19822c95d304 Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Wed, 21 Dec 2016 21:39:23 +0000 Subject: Text change --- src/usr/local/www/system_advanced_network.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index b453045..7b0f725 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -119,8 +119,8 @@ if ($_POST) { if ($_POST['disablelargereceiveoffloading'] == "yes") { $config['system']['disablelargereceiveoffloading'] = true; } else { - unset($config['system']['disablelargereceiveoffloading']); - } + unset($config['system']['disablelargereceiveoffloading']); hi +} setup_microcode(); @@ -206,7 +206,7 @@ $section->addInput(new Form_Input( $pconfig['global-v6duid'], ['placeholder' => 'xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx'] ))->setWidth(9)->sethelp('Enter the DUID to use here. Use this option if using RAM Disk, as the DUID will be lost on reboot. The existing DUID may be found in var/db/dhcp6_duid.' .'
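Review bot: The `@@ -119,8 +119,8 @@` hunk of this "Text change" commit adds a stray `hi` after `unset($config['system']['disablelargereceiveoffloading']);` and moves the closing brace to column 0. A bare `hi` followed by `}` does not parse, so the page would fail to load at this revision. The new side should keep the original two lines, `unset($config['system']['disablelargereceiveoffloading']);` followed by the indented `}`. A later commit on this page removes the token, but running `php -l` on the file before committing would catch this kind of slip.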
' . - 'NOTE: Do not use this option with multiple DHCP6 interfaces.'); + 'NOTE: Do not use this option with multiple DHCP6 WAN interfaces.'); $form->add($section); $section = new Form_Section('Network Interfaces'); -- cgit v1.1 From 016b7b5d06a1633528726e97c9274b25067a6771 Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Thu, 22 Dec 2016 13:44:41 +0000 Subject: Typo correct --- src/usr/local/www/system_advanced_network.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 7b0f725..be6cd0f 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -119,8 +119,8 @@ if ($_POST) { if ($_POST['disablelargereceiveoffloading'] == "yes") { $config['system']['disablelargereceiveoffloading'] = true; } else { - unset($config['system']['disablelargereceiveoffloading']); hi -} + unset($config['system']['disablelargereceiveoffloading']); + } setup_microcode(); -- cgit v1.1 From c0a3864eb85a2cae67b6c39321c7138fb7a9a6cb Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Thu, 22 Dec 2016 19:56:47 +0000 Subject: Added real DUID placeholder, new text and call to new get_duid_from_file() function. --- src/usr/local/www/system_advanced_network.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index be6cd0f..c607ee3 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php 
@@ -158,6 +158,7 @@ $tab_array[] = array(gettext("Networking"), true, "system_advanced_network.php") $tab_array[] = array(gettext("Miscellaneous"), false, "system_advanced_misc.php"); $tab_array[] = array(gettext("System Tunables"), false, "system_advanced_sysctl.php"); $tab_array[] = array(gettext("Notifications"), false, "system_advanced_notifications.php"); +$duid = get_duid_from_file(); display_top_tabs($tab_array); $form = new Form; @@ -204,9 +205,11 @@ $section->addInput(new Form_Input( 'DHCP6 DUID', 'text', $pconfig['global-v6duid'], - ['placeholder' => 'xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx'] - ))->setWidth(9)->sethelp('Enter the DUID to use here. Use this option if using RAM Disk, as the DUID will be lost on reboot. The existing DUID may be found in var/db/dhcp6_duid.' .'
' . - 'NOTE: Do not use this option with multiple DHCP6 WAN interfaces.'); + ['placeholder' => $duid] + ))->setWidth(9)->sethelp('The current DUID is displayed above. You may enter a new DUID whuch will be used on the next WAN interface UP event.' .'
' . + 'Unless you enter a DUID the system will default to using the DUID created by the client on start, this DUID is NOT saved to config.' . + 'It is strongly recommended if you use RAM disk to enter a DUID here and then SAVE, the DUID will then be saved to config also and' . + ' will be active on the next WAN interface UP event.'); $form->add($section); $section = new Form_Section('Network Interfaces'); -- cgit v1.1 From e8165036d22ed0b3efa15a3cd2e64f015393552f Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Thu, 22 Dec 2016 20:03:01 +0000 Subject: format correction --- src/usr/local/www/system_advanced_network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index c607ee3..b36f7d0 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -119,7 +119,7 @@ if ($_POST) { if ($_POST['disablelargereceiveoffloading'] == "yes") { $config['system']['disablelargereceiveoffloading'] = true; } else { - unset($config['system']['disablelargereceiveoffloading']); + unset($config['system']['disablelargereceiveoffloading']); } setup_microcode(); -- cgit v1.1 From 1b17a4c9a49d648091811c6ec49eb633a9bfb9a6 Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Fri, 23 Dec 2016 08:20:43 +0000 Subject: changed to text to reflect standard text in other options. --- src/usr/local/www/system_advanced_network.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index b36f7d0..8b8c7a8 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php 
@@ -208,8 +208,8 @@ $section->addInput(new Form_Input( ['placeholder' => $duid] ))->setWidth(9)->sethelp('The current DUID is displayed above. You may enter a new DUID whuch will be used on the next WAN interface UP event.' .'
' . 'Unless you enter a DUID the system will default to using the DUID created by the client on start, this DUID is NOT saved to config.' . - 'It is strongly recommended if you use RAM disk to enter a DUID here and then SAVE, the DUID will then be saved to config also and' . - ' will be active on the next WAN interface UP event.'); + 'It is strongly recommended if you use RAM disk to enter a DUID here and then save. The saved DUID will take effect after a machine'. + ' reboot or re-configure of the WAN interface(s).'); $form->add($section); $section = new Form_Section('Network Interfaces'); -- cgit v1.1 From 3033c93fb23ae00b06a8a8c12252ad33df526233 Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Tue, 27 Dec 2016 19:59:21 +0000 Subject: Changes as requested --- src/usr/local/www/system_advanced_network.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 8b8c7a8..3c34e8c 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -91,8 +91,7 @@ if ($_POST) { } else { $config['system']['global-v6duid'] = $_POST['global-v6duid']; } - } - else { + } else { unset($config['system']['global-v6duid']); } -- cgit v1.1 From 416322ee7d7db1fe9d8d416017e4546162bbb766 Mon Sep 17 00:00:00 2001 From: marjohn56 Date: Thu, 29 Dec 2016 09:16:30 +0000 Subject: Changes whuch to which... fat fingers --- src/usr/local/www/system_advanced_network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 3c34e8c..7361bd3 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php 
@@ -205,7 +205,7 @@ $section->addInput(new Form_Input( 'text', $pconfig['global-v6duid'], ['placeholder' => $duid] - ))->setWidth(9)->sethelp('The current DUID is displayed above. You may enter a new DUID whuch will be used on the next WAN interface UP event.' .'
' . + ))->setWidth(9)->sethelp('The current DUID is displayed above. You may enter a new DUID which will be used on the next WAN interface UP event.' .'
' . 'Unless you enter a DUID the system will default to using the DUID created by the client on start, this DUID is NOT saved to config.' . 'It is strongly recommended if you use RAM disk to enter a DUID here and then save. The saved DUID will take effect after a machine'. ' reboot or re-configure of the WAN interface(s).'); -- cgit v1.1 From fdb0479758339e083f7745d738c9999d86af150f Mon Sep 17 00:00:00 2001 From: jskyboo Date: Thu, 29 Dec 2016 13:52:51 -0800 Subject: Fix ntp gps status - trim sat in use - gps ok for GPGLL - lat & lon direction for GPGGA & GPGLL - sat in use text position fixed --- src/usr/local/www/status_ntpd.php | 18 ++++++++++++------ .../local/www/widgets/widgets/ntp_status.widget.php | 4 ++-- 2 files changed, 14 insertions(+), 8 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/status_ntpd.php b/src/usr/local/www/status_ntpd.php index 56725ab..c37052d 100644 --- a/src/usr/local/www/status_ntpd.php +++ b/src/usr/local/www/status_ntpd.php @@ -110,6 +110,8 @@ if (!isset($config['ntpd']['noquery'])) { $gps_lat = $gps_lat * (($gps_vars[4] == "N") ? 1 : -1); $gps_lon = $gps_lon_deg + $gps_lon_min; $gps_lon = $gps_lon * (($gps_vars[6] == "E") ? 1 : -1); + $gps_la = $gps_vars[4]; + $gps_lo = $gps_vars[6]; } elseif (substr($tmp, 0, 6) == '$GPGGA') { $gps_vars = explode(",", $tmp); $gps_ok = $gps_vars[6]; @@ -123,9 +125,11 @@ if (!isset($config['ntpd']['noquery'])) { $gps_lon = $gps_lon * (($gps_vars[5] == "E") ? 1 : -1); $gps_alt = $gps_vars[9]; $gps_alt_unit = $gps_vars[10]; - $gps_sat = $gps_vars[7]; + $gps_sat = (int)$gps_vars[7]; + $gps_la = $gps_vars[3]; + $gps_lo = $gps_vars[5]; } elseif (substr($tmp, 0, 6) == '$GPGLL') { - $gps_vars = explode(",", $tmp); + $gps_vars = preg_split('/[,\*]+/', $tmp); $gps_ok = ($gps_vars[6] == "A"); $gps_lat_deg = substr($gps_vars[1], 0, 2); $gps_lat_min = substr($gps_vars[1], 2) / 60.0; 
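Review bot: `preg_split('/[,\*]+/', $tmp)` in the `$GPGLL` branch treats a run of delimiters as one, so empty fields in the sentence disappear and every later index shifts. Receivers commonly leave the position fields empty when they have no fix; in that case `$gps_vars[1]` to `$gps_vars[6]` would no longer be latitude, longitude and status, and the page would show values taken from the wrong fields. Drop the quantifier so empty fields are preserved: `$gps_vars = preg_split('/[,*]/', $tmp);`. The same line is added in the `ntp_status.widget.php` hunk and needs the same change.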
@@ -135,6 +139,8 @@ if (!isset($config['ntpd']['noquery'])) { $gps_lat = $gps_lat * (($gps_vars[2] == "N") ? 1 : -1); $gps_lon = $gps_lon_deg + $gps_lon_min; $gps_lon = $gps_lon * (($gps_vars[4] == "E") ? 1 : -1); + $gps_la = $gps_vars[2]; + $gps_lo = $gps_vars[4]; } } } @@ -205,7 +211,7 @@ function print_status() { } function print_gps() { - global $gps_lat, $gps_lon, $gps_lat_deg, $gps_lon_deg, $gps_lat_min, $gps_lon_min, $gps_vars, + global $gps_lat, $gps_lon, $gps_lat_deg, $gps_lon_deg, $gps_lat_min, $gps_lon_min, $gps_la, $gps_lo, $gps_alt, $gps_alt_unit, $gps_sat, $gps_satview, $gps_goo_lnk; print("\n"); @@ -214,7 +220,7 @@ function print_gps() { print(" ("); printf("%d%s", $gps_lat_deg, "°"); printf("%.5f", $gps_lat_min*60); - print($gps_vars[4]); + print($gps_la); print(")"); print("\n"); print("\n"); @@ -222,7 +228,7 @@ function print_gps() { print(" ("); printf("%d%s", $gps_lon_deg, "°"); printf("%.5f", $gps_lon_min*60); - print($gps_vars[6]); + print($gps_lo); print(")"); print("\n"); @@ -233,7 +239,7 @@ function print_gps() { } if (isset($gps_sat) || isset($gps_satview)) { - print(''); + print(''); if (isset($gps_satview)) { print(gettext('in view ') . intval($gps_satview)); diff --git a/src/usr/local/www/widgets/widgets/ntp_status.widget.php b/src/usr/local/www/widgets/widgets/ntp_status.widget.php index b47a6fd..e29f381 100644 --- a/src/usr/local/www/widgets/widgets/ntp_status.widget.php +++ b/src/usr/local/www/widgets/widgets/ntp_status.widget.php 
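Review bot: `print($gps_la);` and `print($gps_lo);` in `print_gps()` write a field from the parsed sentence into the page without checking or escaping it. The hunks above assign both straight from `$gps_vars[...]`, which is split from `$tmp`. Where `$tmp` comes from is outside the hunks; it is presumably the clock's reported NMEA string, which is data from an external device. Only `N`, `S`, `E` and `W` are meaningful here, so either accept just those values when assigning or print `htmlspecialchars($gps_la)` and `htmlspecialchars($gps_lo)`. `print_gps()` continues outside the hunks.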
@@ -105,11 +105,11 @@ if ($_REQUEST['updateme']) { $gps_lon = $gps_lon * (($gps_vars[5] == "E") ? 1 : -1); $gps_alt = $gps_vars[9]; $gps_alt_unit = $gps_vars[10]; - $gps_sat = $gps_vars[7]; + $gps_sat = (int)$gps_vars[7]; $gps_la = $gps_vars[3]; $gps_lo = $gps_vars[5]; } elseif (substr($tmp, 0, 6) == '$GPGLL') { - $gps_vars = explode(",", $tmp); + $gps_vars = preg_split('/[,\*]+/', $tmp); $gps_ok = ($gps_vars[6] == "A"); $gps_lat_deg = substr($gps_vars[1], 0, 2); $gps_lat_min = substr($gps_vars[1], 2) / 60.0; -- cgit v1.1 From 76895c7f1d77c8e17913a3ddf87636fc4d50058d Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Sat, 31 Dec 2016 17:10:23 +0545 Subject: firewall_rules_edit stop Floating field displaying Seems to fix https://redmine.pfsense.org/issues/7057 But I have not looked underneath the hood - just copied the way other hidden fields are done in that code. --- src/usr/local/www/firewall_rules_edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/firewall_rules_edit.php b/src/usr/local/www/firewall_rules_edit.php index 6cea900..2688982 100644 --- a/src/usr/local/www/firewall_rules_edit.php +++ b/src/usr/local/www/firewall_rules_edit.php @@ -1239,7 +1239,7 @@ if ($if == "FloatingRules" || isset($pconfig['floating'])) { ) )); - $section->addInput(new Form_Input( + $form->addGlobal(new Form_Input( 'floating', 'Floating', 'hidden', -- cgit v1.1 From 5e391e58439fa189518370fa8d16ffd2e8a1002d Mon Sep 17 00:00:00 2001 
From: stilez Date: Sat, 31 Dec 2016 11:42:53 +0000 Subject: Improve labels + help text for IPv6 tunneling options * Move the help message to be on the group as a whole not just the IP input field * Clarify the IP field (label states "IP address and explains tunelling, but whgat address should be entered and should it be IPv4, IPv6 or either? This isn't made clear. * Group title uses the term "tunneling" and this is probably the most commonly understandable term, so keep it consistent and don;'t switch to "encapsulation" halfway through. (We use the term "encapsulation" in the help text already so it's there for purists) --- src/usr/local/www/system_advanced_network.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 06a4e2d..f5fdf73 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -158,23 +158,25 @@ $section->addInput(new Form_Checkbox( ))->setHelp('NOTE: This does not disable any IPv6 features on the firewall, it only '. 'blocks traffic.'); + $group = new Form_Group('IPv6 over IPv4 Tunneling'); $group->add(new Form_Checkbox( 'ipv6nat_enable', 'IPv6 over IPv4 Tunneling', - 'Enable IPv4 NAT encapsulation of IPv6 packets', + 'Enable IPv6 over IPv4 tunneling', $pconfig['ipv6nat_enable'] )); $group->add(new Form_Input( 'ipv6nat_ipaddr', - 'IP address', + 'IP address of tunneling peer', 'text', $pconfig['ipv6nat_ipaddr'] -))->setHelp('Enable IPv4 NAT encapsulation of IPv6 packets.
This provides an '. - 'RFC 2893 compatibility mechanism that can be used to tunneling IPv6 packets over '. - 'IPv4 routing infrastructures. If enabled, don\'t forget to add a firewall rule to '. - 'permit IPv6 packets.'); +))->setHelp('The IPv4 address of the tunneling peer'); + +$group->setHelp('These options create an RFC 2893 compatible mechanism for IPv4 NAT encapsulation of IPv6 packets, that can be used ' . + 'to tunnel IPv6 packets over IPv4 routing infrastructures. A firewall rule to allow passing of IPv6 packets ' . + 'must also be created.'); $section->add($group); -- cgit v1.1 From a56e37ca671873418e82382a8466b8014bf4bc83 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Sun, 1 Jan 2017 23:42:43 +0100 Subject: Improve - System - General - DNS Server Settings descriptions - Add missing DNS Resolver references - Nuke PPTP VPN mentions - Use letter case consistently. The "Disable DNS Forwarder" option naming is rather unfortunate as well (would be much better with something like "Use local DNS server"), but changing that would require documentation changes. --- src/usr/local/www/system.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index 83ab5e7..ff82c9a 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -391,7 +391,8 @@ for ($i=1; $i<5; $i++) { ))->setHelp(($i == 4) ? 'Address':null); $help = "Enter IP addresses to be used by the system for DNS resolution. " . - "These are also used for the DHCP service, DNS forwarder and for PPTP VPN clients."; + "These are also used for the DHCP service, DNS Forwarder and DNS Resolver " . + "(if it has DNS Query Forwarding enabled)."; if ($multiwan) { $options = array('none' => 'none'); 
@@ -433,18 +434,18 @@ $section->addInput(new Form_Checkbox( $pconfig['dnsallowoverride'] ))->setHelp(sprintf(gettext('If this option is set, %s will use DNS servers '. 'assigned by a DHCP/PPP server on WAN for its own purposes (including '. - 'the DNS forwarder). However, they will not be assigned to DHCP and PPTP '. - 'VPN clients.'), $g['product_name'])); + 'the DNS Forwarder/DNS Resolver). However, they will not be assigned to DHCP '. + 'clients.'), $g['product_name'])); $section->addInput(new Form_Checkbox( 'dnslocalhost', 'Disable DNS Forwarder', - 'Do not use the DNS Forwarder as a DNS server for the firewall', + 'Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall', $pconfig['dnslocalhost'] ))->setHelp('By default localhost (127.0.0.1) will be used as the first DNS '. 'server where the DNS Forwarder or DNS Resolver is enabled and set to '. - 'listen on Localhost, so system can use the local DNS service to perform '. - 'lookups. Checking this box omits localhost from the list of DNS servers.'); + 'listen on localhost, so system can use the local DNS service to perform '. + 'lookups. Checking this box omits localhost from the list of DNS servers in resolv.conf.'); $form->add($section); -- cgit v1.1 From 58523c575f9d075f0a8195e0889606955c76b227 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Mon, 2 Jan 2017 00:09:28 +0100 Subject: Improve Unbound forwarding mode description Make this consistent with System - General Setup - DNS Server Settings. --- src/usr/local/www/services_unbound.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index b79548c..09f2be5 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php 
@@ -317,7 +317,9 @@ $section->addInput(new Form_Checkbox( 'DNS Query Forwarding', 'Enable Forwarding Mode', $pconfig['forwarding'] -)); +))->setHelp(sprintf('If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under'. + ' %sSystem: General Setup%s or those obtained via DHCP/PPP on WAN'. + ' (if DNS Server Override is enabled there).','','')); $section->addInput(new Form_Checkbox( 'regdhcp', -- cgit v1.1 From 128b93e04dc4a01de6972f34a8e43f6428b2b5ea Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Mon, 2 Jan 2017 12:53:32 +0545 Subject: OpenVPN Client 2.4 save correct protocol This needs to be fixed the same as vpn_openvpn_server.php --- src/usr/local/www/vpn_openvpn_client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 399d099..5cfd6f9 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -447,7 +447,7 @@ if ($act=="new" || $act=="edit"): 'protocol', 'Protocol', $pconfig['protocol'], - array_combine($openvpn_prots, $openvpn_prots) + $openvpn_prots )); $section->addInput(new Form_Select( -- cgit v1.1 From c337280901d3eedf98e195bd99d30d2ed9d4df1e Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 2 Jan 2017 09:50:26 -0500 Subject: Fix up wording of the DUID option. --- src/usr/local/www/system_advanced_network.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 7361bd3..b99dad8 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php 
@@ -205,10 +205,13 @@ $section->addInput(new Form_Input( 'text', $pconfig['global-v6duid'], ['placeholder' => $duid] - ))->setWidth(9)->sethelp('The current DUID is displayed above. You may enter a new DUID which will be used on the next WAN interface UP event.' .'
' . - 'Unless you enter a DUID the system will default to using the DUID created by the client on start, this DUID is NOT saved to config.' . - 'It is strongly recommended if you use RAM disk to enter a DUID here and then save. The saved DUID will take effect after a machine'. - ' reboot or re-configure of the WAN interface(s).'); + ))->setWidth(9)->sethelp('This is the DHCPv6 Unique Identifier (DUID) used by the firewall when requesting an IPv6 address. ' . + '
' . + 'By default, the firewall automatically creates a dynamic DUID which is not saved in the firewall configuration. '. + 'To ensure the same DUID is retained by the firewall at all times, enter a DUID in this field. ' . + 'The new DUID will take effect after a reboot or when the WAN interface(s) are reconfigured by the firewall.' . + '
' . + 'If the firewall is configured to use a RAM disk for /var, the best practice is to store a DUID here otherwise the DUID will change on each reboot. '); $form->add($section); $section = new Form_Section('Network Interfaces'); -- cgit v1.1 From cee543b79910c5225cd0636cef87a95f085d406a Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 2 Jan 2017 10:41:34 -0200 Subject: Fix indent --- src/usr/local/www/system_advanced_misc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 817b745..796a32b 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -590,7 +590,7 @@ events.push(function() { } }); - drb = ""; + drb = ""; if (drb == "yes") { $('form').append(""); -- cgit v1.1 From dc6d47759f716a0ecf4065988945b02d0486742b Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Mon, 2 Jan 2017 12:51:20 -0200 Subject: Check if array key exist before read its value --- src/usr/local/www/diag_reboot.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/diag_reboot.php b/src/usr/local/www/diag_reboot.php index 8b6229e..8052e40 100644 --- a/src/usr/local/www/diag_reboot.php +++ b/src/usr/local/www/diag_reboot.php @@ -43,8 +43,8 @@ $guiretry = 20; // Seconds to try again if $guitimeout was not long enough $pgtitle = array(gettext("Diagnostics"), gettext("Reboot")); include("head.inc"); - -if (($_SERVER['REQUEST_METHOD'] == 'POST') && ($_POST['override'] != "yes")) { +if (($_SERVER['REQUEST_METHOD'] == 'POST') && (empty($_POST['override']) || + ($_POST['override'] != "yes"))): if (DEBUG) { print_info_box(gettext("Not actually rebooting (DEBUG is set true)."), 'success'); } else { @@ -98,7 +98,7 @@ events.push(function() { //]]> 
@@ -135,6 +135,6 @@ events.push(function() { Date: Mon, 2 Jan 2017 10:09:36 -0500 Subject: Theoretical fix for #6972 --- src/usr/local/www/js/pfSense.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/js/pfSense.js b/src/usr/local/www/js/pfSense.js index da33129..c07f857 100644 --- a/src/usr/local/www/js/pfSense.js +++ b/src/usr/local/www/js/pfSense.js @@ -143,7 +143,7 @@ $(function() { // Use element title in the confirmation message, or if not available // the element value $('.btn-danger, .fa-trash').on('click', function(e){ - if (!($(this).hasClass('no-confirm'))) { + if ( !($(this).hasClass('no-confirm')) && !($(this).hasClass('icon-embed-btn')) ) { var msg = $.trim(this.textContent).toLowerCase(); if (!msg) @@ -230,7 +230,7 @@ $(function() { $('.table-rowdblclickedit>tbody>tr').dblclick(function () { $(this).find(".fa-pencil")[0].click(); }); - + // Focus first input $(':input:enabled:visible:first').focus(); @@ -238,7 +238,7 @@ $(function() { $(this).css('height', 80).resizable({minHeight: 80, minWidth: 200}).parent().css('padding-bottom', 0); $(this).css('height', 78); }); - + // Run in-page defined events while (func = window.events.shift()) func(); -- cgit v1.1 From 243181851d026adbae843761e7ca0f967973e767 Mon Sep 17 00:00:00 2001 From: Steve Beaver Date: Mon, 2 Jan 2017 10:16:40 -0500 Subject: Revert "Theoretical fix for #6972" This reverts commit 335e63d66ce8af690d1a144d4ec6b385cbe39af4. --- src/usr/local/www/js/pfSense.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/js/pfSense.js b/src/usr/local/www/js/pfSense.js index c07f857..da33129 100644 --- a/src/usr/local/www/js/pfSense.js +++ b/src/usr/local/www/js/pfSense.js 
@@ -143,7 +143,7 @@ $(function() { // Use element title in the confirmation message, or if not available // the element value $('.btn-danger, .fa-trash').on('click', function(e){ - if ( !($(this).hasClass('no-confirm')) && !($(this).hasClass('icon-embed-btn')) ) { + if (!($(this).hasClass('no-confirm'))) { var msg = $.trim(this.textContent).toLowerCase(); if (!msg) @@ -230,7 +230,7 @@ $(function() { $('.table-rowdblclickedit>tbody>tr').dblclick(function () { $(this).find(".fa-pencil")[0].click(); }); - + // Focus first input $(':input:enabled:visible:first').focus(); @@ -238,7 +238,7 @@ $(function() { $(this).css('height', 80).resizable({minHeight: 80, minWidth: 200}).parent().css('padding-bottom', 0); $(this).css('height', 78); }); - + // Run in-page defined events while (func = window.events.shift()) func(); -- cgit v1.1 From 3d116b5c8d5c6474821d3a6607f9fa929df2f481 Mon Sep 17 00:00:00 2001 From: doktornotor Date: Mon, 2 Jan 2017 16:27:15 +0100 Subject: Update format --- src/usr/local/www/services_unbound.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index 09f2be5..6067941 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php @@ -128,7 +128,7 @@ if ($_POST) { } } if ($founddns == false) { - $input_errors[] = gettext("At least one DNS server must be specified under System>General Setup to enable Forwarding mode."); + $input_errors[] = gettext("At least one DNS server must be specified under System > General Setup to enable Forwarding mode."); } } 
@@ -318,7 +318,7 @@ $section->addInput(new Form_Checkbox( 'Enable Forwarding Mode', $pconfig['forwarding'] ))->setHelp(sprintf('If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under'. - ' %sSystem: General Setup%s or those obtained via DHCP/PPP on WAN'. + ' %sSystem > General Setup%s or those obtained via DHCP/PPP on WAN'. ' (if DNS Server Override is enabled there).','','')); $section->addInput(new Form_Checkbox( @@ -328,7 +328,7 @@ $section->addInput(new Form_Checkbox( $pconfig['regdhcp'] ))->setHelp(sprintf('If this option is set, then machines that specify their hostname when requesting a DHCP lease will be registered'. ' in the DNS Resolver, so that their name can be resolved.'. - ' The domain in %sSystem: General Setup%s should also be set to the proper value.','','')); + ' The domain in %sSystem > General Setup%s should also be set to the proper value.','','')); $section->addInput(new Form_Checkbox( 'regdhcpstatic', @@ -336,7 +336,7 @@ $section->addInput(new Form_Checkbox( 'Register DHCP static mappings in the DNS Resolver', $pconfig['regdhcpstatic'] ))->setHelp(sprintf('If this option is set, then DHCP static mappings will be registered in the DNS Resolver, so that their name can be resolved. '. - 'The domain in %sSystem: General Setup%s should also be set to the proper value.','','')); + 'The domain in %sSystem > General Setup%s should also be set to the proper value.','','')); $btnadv = new Form_Button( 'btnadvcustom', @@ -557,7 +557,7 @@ endforeach; " service (if enabled) will automatically serve the LAN IP". " address as a DNS server to DHCP clients so they will use". " the DNS Resolver. If Forwarding is enabled, the DNS Resolver will use the DNS servers". - " entered in %sSystem: General Setup%s". + " entered in %sSystem > General Setup%s". " or those obtained via DHCP or PPP on WAN if "Allow". " DNS server list to be overridden by DHCP/PPP on WAN"". " is checked."), '', ''), 'info', false); ?> -- cgit v1.1 
From 6c1e85e544814d336b47fbc782a6aff77ea7301f Mon Sep 17 00:00:00 2001 From: doktornotor Date: Mon, 2 Jan 2017 16:28:28 +0100 Subject: Change wording --- src/usr/local/www/system.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index ff82c9a..980e773 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -392,7 +392,7 @@ for ($i=1; $i<5; $i++) { $help = "Enter IP addresses to be used by the system for DNS resolution. " . "These are also used for the DHCP service, DNS Forwarder and DNS Resolver " . - "(if it has DNS Query Forwarding enabled)."; + "when it has DNS Query Forwarding enabled."; if ($multiwan) { $options = array('none' => 'none'); -- cgit v1.1 From fab3c245cfb52964cebdab2ea47dddb21731352a Mon Sep 17 00:00:00 2001 From: Steve Beaver Date: Mon, 2 Jan 2017 11:34:38 -0500 Subject: Fixed #6972 I was only able to reproduce tis issue using Chrome, but it should now be resolved --- src/usr/local/www/js/pfSense.js | 6 +++--- src/usr/local/www/js/pfSenseHelpers.js | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/js/pfSense.js b/src/usr/local/www/js/pfSense.js index da33129..2a6bc16 100644 --- a/src/usr/local/www/js/pfSense.js +++ b/src/usr/local/www/js/pfSense.js @@ -143,7 +143,7 @@ $(function() { // Use element title in the confirmation message, or if not available // the element value $('.btn-danger, .fa-trash').on('click', function(e){ - if (!($(this).hasClass('no-confirm'))) { + if (!($(this).hasClass('no-confirm')) && !($(this).hasClass('icon-embed-btn'))) { var msg = $.trim(this.textContent).toLowerCase(); if (!msg) @@ -230,7 +230,7 @@ $(function() { $('.table-rowdblclickedit>tbody>tr').dblclick(function () { $(this).find(".fa-pencil")[0].click(); }); - + // Focus first input $(':input:enabled:visible:first').focus(); 
@@ -238,7 +238,7 @@ $(function() { $(this).css('height', 80).resizable({minHeight: 80, minWidth: 200}).parent().css('padding-bottom', 0); $(this).css('height', 78); }); - + // Run in-page defined events while (func = window.events.shift()) func(); diff --git a/src/usr/local/www/js/pfSenseHelpers.js b/src/usr/local/www/js/pfSenseHelpers.js index b77ec1f..e879f15 100644 --- a/src/usr/local/www/js/pfSenseHelpers.js +++ b/src/usr/local/www/js/pfSenseHelpers.js @@ -375,9 +375,9 @@ $('[id^=addrow]').click(function() { $('[id^=delete]').click(function(event) { if ($('.repeatable').length > 1) { if ((typeof retainhelp) == "undefined") - moveHelpText(event.target.id); + moveHelpText($(this).attr("id")); - delete_row(event.target.id); + delete_row($(this).attr("id")); } else { alert('The last row may not be deleted.'); } -- cgit v1.1 From 2906d13941ce07e59e5977f75a5bf5a8b1987b68 Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 2 Jan 2017 12:17:41 -0500 Subject: Fix printing of local/remote host in OpenVPN status for Client Instances. If the client was not connected it was printing a ":" and nothing else in the field which was odd/confusing. Ticket #2766 --- src/usr/local/www/status_openvpn.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/status_openvpn.php b/src/usr/local/www/status_openvpn.php index 9997703..0a71ac2 100644 --- a/src/usr/local/www/status_openvpn.php +++ b/src/usr/local/www/status_openvpn.php @@ -312,7 +312,13 @@ include("head.inc"); ?> - : + + + (pending) + + : + + @@ -320,7 +326,13 @@ include("head.inc"); ?> - : + + + (pending) + + : + + / -- cgit v1.1 From c66990a8b0f1b8f2246946a6fe7445d6696e13c5 Mon Sep 17 00:00:00 2001 
From: jim-p Date: Mon, 2 Jan 2017 13:52:33 -0500 Subject: Fix up and enchance the help text for DH parameters, point to the doc wiki for info on how to generate new ones. Also add help text for ECDH Curve. #7063 --- src/usr/local/www/vpn_openvpn_server.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 433b689..8da8fee 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -775,14 +775,24 @@ if ($act=="new" || $act=="edit"): 'DH Parameter Length', $pconfig['dh_length'], $openvpn_dh_lengths - ))->setHelp(count($a_cert) ? '':sprintf('No Certificates defined. One may be created here: %s', 'System > Cert. Manager')); + ))->setHelp('Diffie-Hellman (DH) parameter set used for key exchange.' . + '
' . + sprint_info_box('Only DH parameter sets which exist in /etc/ are shown. ' . + '
' . + 'Generating new or stronger DH parameters is CPU-intensive and must be performed manually. ' . + 'Consult the doc wiki article on DH Parameters ' . + 'for information on generating new or stronger paramater sets.', 'info', false) . + '
'); $section->addInput(new Form_Select( 'ecdh_curve', 'ECDH Curve', $pconfig['ecdh_curve'], openvpn_get_curvelist() - )); + ))->setHelp('The Elliptic Curve to use for key exchange. ' . + '
' . + 'The curve from the server certificate is used by default when the server uses an ECDSA certificate. ' . + 'Otherwise, secp384r1 is used as a fallback.'); if (!$pconfig['shared_key']) { $section->addInput(new Form_Checkbox( -- cgit v1.1 From a4b3624650aa46c9dc4a20afc5b522c6b9191904 Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 2 Jan 2017 21:24:07 -0500 Subject: Bring compression options in line with OpenVPN 2.4. Note that the old style options are deprecated/legacy but don't remove yet, for compatibility. Implements #7064 --- src/usr/local/www/vpn_openvpn_server.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 8da8fee..452826d 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -165,6 +165,7 @@ if ($_GET['act'] == "edit") { $pconfig['local_networkv6'] = $a_server[$id]['local_networkv6']; $pconfig['maxclients'] = $a_server[$id]['maxclients']; $pconfig['compression'] = $a_server[$id]['compression']; + $pconfig['compression_push'] = $a_server[$id]['compression_push']; $pconfig['passtos'] = $a_server[$id]['passtos']; $pconfig['client2client'] = $a_server[$id]['client2client']; @@ -498,6 +499,7 @@ if ($_POST) { $server['local_networkv6'] = $pconfig['local_networkv6']; $server['maxclients'] = $pconfig['maxclients']; $server['compression'] = $pconfig['compression']; + $server['compression_push'] = $pconfig['compression_push']; $server['passtos'] = $pconfig['passtos']; $server['client2client'] = $pconfig['client2client']; 
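Review bot: The new DH help text passed to `sprint_info_box()` in the `@@ -775` hunk misspells "parameter" as `paramater sets`, in a user-facing string on a key-exchange setting. The line should read `'for information on generating new or stronger parameter sets.', 'info', false) .`. The added help strings are also not wrapped in `gettext()`, unlike the `gettext(...)` messages in the other hunks of this file, so they will presumably not be translated.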
@@ -962,6 +964,13 @@ if ($act=="new" || $act=="edit"): 'packets is not being compressed efficiently.'); $section->addInput(new Form_Checkbox( + 'compression_push', + 'Push Compression', + 'Push the selected Compression setting to connecting clients.', + $pconfig['compression_push'] + )); + + $section->addInput(new Form_Checkbox( 'passtos', 'Type-of-Service', 'Set the TOS IP header value of tunnel packets to match the encapsulated packet value.', @@ -1308,6 +1317,7 @@ events.push(function() { hideCheckbox('autokey_enable', true); hideInput('shared_key', false); hideInput('topology', false); + hideCheckbox('compression_push', false); break; case "server_tls_user": hideInput('tls', false); @@ -1319,6 +1329,7 @@ events.push(function() { hideCheckbox('autokey_enable', true); hideInput('shared_key', true); hideInput('topology', false); + hideCheckbox('compression_push', false); break; case "p2p_shared_key": hideInput('tls', true); @@ -1335,6 +1346,7 @@ events.push(function() { hideCheckbox('autokey_enable', true); hideInput('shared_key', false); hideInput('topology', true); + hideCheckbox('compression_push', true); break; } -- cgit v1.1 From c13c0fd0fe547fa8e35997d7ede7f8a6b33088fa Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 2 Jan 2017 22:18:13 -0500 Subject: Reject the invalid OpenVPN combination of static key + GCM. Fixes #7068 --- src/usr/local/www/vpn_openvpn_client.php | 4 ++++ src/usr/local/www/vpn_openvpn_server.php | 4 ++++ 2 files changed, 8 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 5cfd6f9..78d638d 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php 
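Review bot: The `compression_push` checkbox added in the `@@ -962` hunk has no `->setHelp(...)`, while the Compression input just above it ends with help text, so an administrator gets no guidance on what pushing the setting does to clients. I would add help that names the setting being pushed and notes that compressing tunnel traffic exposes packet-length side channels when attacker-influenced and secret data share a stream (the compression-oracle class of issues), so that enabling it is a deliberate choice. The `hideCheckbox('compression_push', ...)` calls in the script hunks only hide the control in the browser, while the save path in the `@@ -498` hunk stores `$pconfig['compression_push']` for every mode. It may be worth clearing the value server-side for modes where it does not apply; whether the config generator already ignores it there is not visible in these hunks.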
@@ -293,6 +293,10 @@ if ($_POST) { } } + if (($pconfig['mode'] == "p2p_shared_key") && strstr($pconfig['crypto'], "GCM")) { + $input_errors[] = gettext("CGM Encryption Algorithms cannot be used with Shared Key mode."); + } + /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { $reqdfields = explode(" ", "caref"); diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 452826d..b30a908 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -415,6 +415,10 @@ if ($_POST) { $reqdfieldsn = array(gettext('Shared key')); } + if (($pconfig['mode'] == "p2p_shared_key") && strstr($pconfig['crypto'], "GCM")) { + $input_errors[] = gettext("CGM Encryption Algorithms cannot be used with Shared Key mode."); + } + if ($pconfig['dev_mode'] != "tap") { $reqdfields[] = 'tunnel_network'; $reqdfieldsn[] = gettext('Tunnel network'); -- cgit v1.1 From 46c06ade87cbea59d1113a23a5d91f15dab9048c Mon Sep 17 00:00:00 2001 From: jim-p Date: Mon, 2 Jan 2017 22:35:51 -0500 Subject: Fix typo. Ticket #7068 --- src/usr/local/www/vpn_openvpn_client.php | 2 +- src/usr/local/www/vpn_openvpn_server.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 78d638d..a8089c8 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -294,7 +294,7 @@ if ($_POST) { } if (($pconfig['mode'] == "p2p_shared_key") && strstr($pconfig['crypto'], "GCM")) { - $input_errors[] = gettext("CGM Encryption Algorithms cannot be used with Shared Key mode."); + $input_errors[] = gettext("GCM Encryption Algorithms cannot be used with Shared Key mode."); } /* If we are not in shared key mode, then we need the CA/Cert. */ 
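Review bot: The new guard in the `@@ -293` hunk of vpn_openvpn_client.php, and the identical one in the `@@ -415` hunk of vpn_openvpn_server.php, tests `strstr($pconfig['crypto'], "GCM")` for truthiness, which is a case-sensitive substring match that yields a string rather than a boolean. `stripos($pconfig['crypto'], 'GCM') !== false` states the intent and does not depend on how the cipher name is cased in the posted value. A short why-comment such as `/* OpenVPN rejects GCM ciphers in static (shared) key mode */` would also help, since the reason is given only in the commit subject. The enclosing `if ($_POST)` block starts and ends outside both hunks.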
diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index b30a908..0468e22 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -416,7 +416,7 @@ if ($_POST) { } if (($pconfig['mode'] == "p2p_shared_key") && strstr($pconfig['crypto'], "GCM")) { - $input_errors[] = gettext("CGM Encryption Algorithms cannot be used with Shared Key mode."); + $input_errors[] = gettext("GCM Encryption Algorithms cannot be used with Shared Key mode."); } if ($pconfig['dev_mode'] != "tap") { -- cgit v1.1 From 44c423566b6eff18ec43ee77edddb94e3a3aa858 Mon Sep 17 00:00:00 2001 
From: Phil Davis Date: Tue, 3 Jan 2017 10:50:22 +0545 Subject: Report problems applying changes 1) Strictly keep track of the accumulating $retval from calls to various functions that apply changes. 2) Use new function print_apply_result_box() to print a suitable message in a suitable severity based on $retval --- src/usr/local/www/firewall_aliases.php | 19 ++++------ src/usr/local/www/firewall_nat.php | 5 ++- src/usr/local/www/firewall_nat_1to1.php | 5 ++- src/usr/local/www/firewall_nat_npt.php | 5 ++- src/usr/local/www/firewall_nat_out.php | 16 ++++----- src/usr/local/www/firewall_shaper.php | 32 ++++++----------- src/usr/local/www/firewall_shaper_queues.php | 14 ++------ src/usr/local/www/firewall_shaper_vinterface.php | 34 ++++++------------ src/usr/local/www/firewall_shaper_wizards.php | 13 ++----- src/usr/local/www/firewall_virtual_ip.php | 5 ++- src/usr/local/www/guiconfig.inc | 31 +++++++++++++++-- src/usr/local/www/interfaces.php | 16 +++++---- src/usr/local/www/interfaces_assign.php | 26 ++++++-------- src/usr/local/www/load_balancer_monitor.php | 5 ++- src/usr/local/www/load_balancer_pool.php | 5 ++- src/usr/local/www/load_balancer_setting.php | 5 ++- src/usr/local/www/load_balancer_virtual_server.php | 5 ++- src/usr/local/www/services_captiveportal_mac.php | 5 ++- src/usr/local/www/services_dhcp.php | 15 ++++---- src/usr/local/www/services_dhcp_relay.php | 10 +++--- src/usr/local/www/services_dhcpv6.php | 20 ++++++----- src/usr/local/www/services_dhcpv6_relay.php | 8 ++--- src/usr/local/www/services_dnsmasq.php | 7 ++-- src/usr/local/www/services_igmpproxy.php | 13 +++---- src/usr/local/www/services_ntpd.php | 9 ++--- src/usr/local/www/services_ntpd_acls.php | 9 ++--- src/usr/local/www/services_ntpd_gps.php | 9 +++-- src/usr/local/www/services_ntpd_pps.php | 8 ++--- src/usr/local/www/services_pppoe.php | 5 ++- .../local/www/services_router_advertisements.php | 15 +++++--- src/usr/local/www/services_snmp.php | 8 ++--- 
src/usr/local/www/services_unbound.php | 8 ++--- src/usr/local/www/services_unbound_acls.php | 8 ++--- src/usr/local/www/services_unbound_advanced.php | 8 ++--- src/usr/local/www/status_lb_pool.php | 5 ++- src/usr/local/www/status_logs.php | 4 +-- src/usr/local/www/status_logs_common.inc | 40 +++++++++++----------- src/usr/local/www/status_logs_filter.php | 5 ++- src/usr/local/www/status_logs_filter_dynamic.php | 5 ++- src/usr/local/www/status_logs_filter_summary.php | 5 ++- src/usr/local/www/status_logs_settings.php | 17 +++++---- src/usr/local/www/system.php | 9 +++-- src/usr/local/www/system_advanced_admin.php | 11 +++--- src/usr/local/www/system_advanced_firewall.php | 15 +++----- src/usr/local/www/system_advanced_misc.php | 12 +++---- src/usr/local/www/system_advanced_network.php | 16 ++++----- src/usr/local/www/system_advanced_sysctl.php | 5 ++- src/usr/local/www/system_gateway_groups.php | 7 ++-- src/usr/local/www/system_gateways.php | 8 ++--- src/usr/local/www/system_groupmanager_addprivs.php | 12 +------ src/usr/local/www/system_routes.php | 7 ++-- src/usr/local/www/system_usermanager_addprivs.php | 12 +------ src/usr/local/www/vpn_ipsec.php | 20 +++++------ src/usr/local/www/vpn_ipsec_keys.php | 10 +++--- src/usr/local/www/vpn_ipsec_mobile.php | 9 +++-- src/usr/local/www/vpn_ipsec_settings.php | 14 +++----- src/usr/local/www/vpn_l2tp.php | 13 +++---- src/usr/local/www/vpn_l2tp_users.php | 7 ++-- 58 files changed, 302 insertions(+), 372 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/firewall_aliases.php b/src/usr/local/www/firewall_aliases.php index 55069d8..ec98e15 100644 --- a/src/usr/local/www/firewall_aliases.php +++ b/src/usr/local/www/firewall_aliases.php 
@@ -48,15 +48,8 @@ if ($_POST) { $retval = 0; /* reload all components that use aliases */ - $retval = filter_configure(); + $retval |= filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = "success"; - } else { - $savemsg = $retval; - $class = "danger"; - } if ($retval == 0) { clear_subsystem_dirty('aliases'); } @@ -99,8 +92,7 @@ if ($_GET['act'] == "del") { // Static routes find_alias_reference(array('staticroutes', 'route'), array('network'), $alias_name, $is_alias_referenced, $referenced_by); if ($is_alias_referenced == true) { - $savemsg = sprintf(gettext("Cannot delete alias. Currently in use by %s."), htmlspecialchars($referenced_by)); - $class = "danger"; + $delete_error = sprintf(gettext("Cannot delete alias. Currently in use by %s."), htmlspecialchars($referenced_by)); } else { if (preg_match("/urltable/i", $a_aliases[$_GET['id']]['type'])) { // this is a URL table type alias, delete its file as well @@ -173,8 +165,11 @@ $shortcut_section = "aliases"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, $class); +if ($delete_error) { + print_info_box($delete_error, 'danger'); +} +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('aliases')) { diff --git a/src/usr/local/www/firewall_nat.php b/src/usr/local/www/firewall_nat.php index 3fd7c36..681c981 100644 --- a/src/usr/local/www/firewall_nat.php +++ b/src/usr/local/www/firewall_nat.php @@ -86,7 +86,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); pfSense_handle_custom_code("/usr/local/pkg/firewall_nat/apply"); @@ -186,8 +185,8 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Port Forward")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { 
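Review bot: Replacing the removed `stristr($retval, "error")` branches with `$retval |= filter_configure();` in firewall_aliases.php, and the same pattern in the other pages of this commit, assumes every apply function returns an integer status. If one of them can return a message string, as the removed string check suggests callers once expected, the bitwise OR would coerce it to an integer and a failure could be shown as success; a function that returns `true` on success would instead be shown as a problem. The return types of `filter_configure()` and the other callees are not visible here and are worth confirming. A comment next to the accumulation, e.g. `// every function OR-ed into $retval must return int 0 on success, non-zero on failure`, would make the contract explicit.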
diff --git a/src/usr/local/www/firewall_nat_1to1.php b/src/usr/local/www/firewall_nat_1to1.php index 5ae075b..87f9169 100644 --- a/src/usr/local/www/firewall_nat_1to1.php +++ b/src/usr/local/www/firewall_nat_1to1.php @@ -68,7 +68,6 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('natconf'); @@ -122,8 +121,8 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("1:1")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_nat_npt.php b/src/usr/local/www/firewall_nat_npt.php index b585d99..e2d7856 100644 --- a/src/usr/local/www/firewall_nat_npt.php +++ b/src/usr/local/www/firewall_nat_npt.php @@ -69,7 +69,6 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('natconf'); @@ -122,8 +121,8 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("NPt")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_nat_out.php b/src/usr/local/www/firewall_nat_out.php index 6915780..a09988c 100644 --- a/src/usr/local/www/firewall_nat_out.php +++ b/src/usr/local/www/firewall_nat_out.php @@ -82,12 +82,6 @@ if ($_POST['apply']) { $retval = 0; $retval |= filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - } else { - $savemsg = $retval; - } - if ($retval == 0) { clear_subsystem_dirty('natconf'); clear_subsystem_dirty('filter'); 
@@ -139,7 +133,7 @@ if ($_POST['save']) { } } } - $savemsg = gettext("Default rules for each interface have been created."); + $default_rules_msg = gettext("Default rules for each interface have been created."); unset($FilterIflist, $GatewaysList); } @@ -206,8 +200,12 @@ if (isset($_POST['del_x'])) { $pgtitle = array(gettext("Firewall"), gettext("NAT"), gettext("Outbound")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($default_rules_msg) { + print_info_box($default_rules_msg, 'success'); +} + +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('natconf')) { diff --git a/src/usr/local/www/firewall_shaper.php b/src/usr/local/www/firewall_shaper.php index 82410cc..77850ed 100644 --- a/src/usr/local/www/firewall_shaper.php +++ b/src/usr/local/www/firewall_shaper.php @@ -121,19 +121,11 @@ if ($_GET) { } if (write_config()) { + $changes_applied = true; $retval = 0; $retval |= filter_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } } else { - $savemsg = gettext("Unable to write config.xml (Access Denied?)."); - $class = 'warning'; + $no_write_config_msg = gettext("Unable to write config.xml (Access Denied?)."); } $dfltmsg = true; @@ -280,17 +272,9 @@ if ($_POST) { } } else if ($_POST['apply']) { write_config(); - + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } + $retval |= filter_configure(); /* reset rrd queues */ system("rm -f /var/db/rrd/*queuedrops.rrd"); 
@@ -369,8 +353,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); +if ($no_write_config_msg) { + print_info_box($no_write_config_msg, 'danger'); +} + +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { diff --git a/src/usr/local/www/firewall_shaper_queues.php b/src/usr/local/www/firewall_shaper_queues.php index 0bdb99e..e148150 100644 --- a/src/usr/local/www/firewall_shaper_queues.php +++ b/src/usr/local/www/firewall_shaper_queues.php @@ -167,15 +167,7 @@ if ($_POST['apply']) { $retval = 0; /* Setup pf rules since the user may have changed the optimization value */ - $retval = filter_configure(); - $savemsg = get_std_save_message($retval); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'alert-success'; - } else { - $savemsg = $retval; - $class = 'alert-danger'; - } + $retval |= filter_configure(); /* reset rrd queues */ system("rm -f /var/db/rrd/*queuedrops.rrd"); @@ -198,8 +190,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { diff --git a/src/usr/local/www/firewall_shaper_vinterface.php b/src/usr/local/www/firewall_shaper_vinterface.php index 74526e9..5de573f 100644 --- a/src/usr/local/www/firewall_shaper_vinterface.php +++ b/src/usr/local/www/firewall_shaper_vinterface.php 
@@ -134,20 +134,11 @@ if ($_GET) { } } if (write_config()) { + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - - if (stristr($retval, "error") != true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'danger'; - } - + $retval |= filter_configure(); } else { - $savemsg = gettext("Unable to write config.xml (Access Denied?)."); - $class = 'danger'; + $no_write_config_msg = gettext("Unable to write config.xml (Access Denied?)."); } $dfltmsg = true; @@ -271,16 +262,9 @@ if ($_POST) { } else if ($_POST['apply']) { write_config(); + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - - if (stristr($retval, "error") != true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'danger'; - } + $retval |= filter_configure(); /* XXX: TODO Make dummynet pretty graphs */ // enable_rrd_graphing(); @@ -369,8 +353,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); +if ($no_write_config_msg) { + print_info_box($no_write_config_msg, 'danger'); +} + +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { diff --git a/src/usr/local/www/firewall_shaper_wizards.php b/src/usr/local/www/firewall_shaper_wizards.php index 594ed63..b9d647e 100644 --- a/src/usr/local/www/firewall_shaper_wizards.php +++ b/src/usr/local/www/firewall_shaper_wizards.php @@ -42,14 +42,7 @@ if ($_POST['apply']) { $retval = 0; /* Setup pf rules since the user may have changed the optimization value */ - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } + $retval |= filter_configure(); /* reset rrd queues */ unlink_if_exists("/var/db/rrd/*queuedrops.rrd"); 
@@ -82,8 +75,8 @@ $tab_array[] = array(gettext("Limiters"), false, "firewall_shaper_vinterface.php $tab_array[] = array(gettext("Wizards"), true, "firewall_shaper_wizards.php"); display_top_tabs($tab_array); -if ($savemsg) { - print_info_box($savemsg, $class); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('shaper')) { diff --git a/src/usr/local/www/firewall_virtual_ip.php b/src/usr/local/www/firewall_virtual_ip.php index 33a1f4f..a15a60b 100644 --- a/src/usr/local/www/firewall_virtual_ip.php +++ b/src/usr/local/www/firewall_virtual_ip.php @@ -79,7 +79,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('vip'); } @@ -240,8 +239,8 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); -} else if ($savemsg) { - print_info_box($savemsg, 'success'); +} else if ($_POST['apply']) { + print_apply_result_box($retval); } else if (is_subsystem_dirty('vip')) { print_apply_box(gettext("The VIP configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); } diff --git a/src/usr/local/www/guiconfig.inc b/src/usr/local/www/guiconfig.inc index d4fc383..7fa8e5d 100644 --- a/src/usr/local/www/guiconfig.inc +++ b/src/usr/local/www/guiconfig.inc @@ -323,6 +323,27 @@ function print_apply_box($msg) { print_info_box($msg, "warning", "apply", gettext("Apply Changes"), 'fa-check', 'success'); } +// Format and print a box reporting that changes have been applied +// $retval = status value from the functions called to apply the changes +// 0 is good +// non-zero is a problem +// $extra_text = optional extra text to display after the standard message +function print_apply_result_box($retval, $extra_text="") { + $result_msg = get_std_save_message($retval); + if ($retval === 0) { + // 0 is success + $severity = "success"; + } else { + // non-zero means there was some problem + $severity = "warning"; + } + + if (strlen($extra_text) > 0) { + $result_msg .= " " . $extra_text; + } + print_info_box($result_msg, $severity); +} + /* * Print Bootstrap callout * @@ -350,10 +371,16 @@ function print_callout($msg, $class = 'info', $heading = '') { echo $callout; } -function get_std_save_message($ok) { +function get_std_save_message($retval) { $filter_related = false; $filter_pages = array("nat", "filter"); - $to_return = gettext("The changes have been applied successfully."); + if ($retval === 0) { + // 0 is success + $to_return = gettext("The changes have been applied successfully."); + } else { + // non-zero means there was some problem + $to_return = gettext("There was a problem applying the changes. See the System Logs."); + } foreach ($filter_pages as $fp) { if (stristr($_SERVER['SCRIPT_FILENAME'], $fp)) { $filter_related = true; diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php index a63144d..6f206fc 100755 --- a/src/usr/local/www/interfaces.php +++ b/src/usr/local/www/interfaces.php 
@@ -407,11 +407,14 @@ if (isset($wancfg['wireless'])) { } +$changes_applied = false; + if ($_POST['apply']) { unset($input_errors); if (!is_subsystem_dirty('interfaces')) { $input_errors[] = gettext("The settings have already been applied!"); } else { + $retval = 0; unlink_if_exists("{$g['tmp_path']}/config.cache"); clear_subsystem_dirty('interfaces'); @@ -440,24 +443,24 @@ if ($_POST['apply']) { } } /* restart snmp so that it binds to correct address */ - services_snmpd_configure(); + $retval |= services_snmpd_configure(); /* sync filter configuration */ setup_gateways_monitor(); clear_subsystem_dirty('interfaces'); - filter_configure(); + $retval |= filter_configure(); enable_rrd_graphing(); + $changes_applied = true; + if (is_subsystem_dirty('staticroutes') && (system_routing_configure() == 0)) { clear_subsystem_dirty('staticroutes'); } } @unlink("{$g['tmp_path']}/.interfaces.apply"); - header("Location: interfaces.php?if={$if}"); - exit; } else if ($_POST) { unset($input_errors); @@ -1695,11 +1698,10 @@ if (is_subsystem_dirty('interfaces')) { gettext("Don't forget to adjust the DHCP Server range if needed after applying.")); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } - $form = new Form(); $section = new Form_Section('General Configuration'); diff --git a/src/usr/local/www/interfaces_assign.php b/src/usr/local/www/interfaces_assign.php index b647fea..26b7a88 100644 --- a/src/usr/local/www/interfaces_assign.php +++ b/src/usr/local/www/interfaces_assign.php @@ -244,7 +244,7 @@ if (isset($_POST['add']) && isset($_POST['if_add'])) { write_config(); - $savemsg = gettext("Interface has been added."); + $action_msg = gettext("Interface has been added."); $class = "success"; } 
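Review bot: In the `@@ -440` hunk of interfaces.php the result of `system_routing_configure()` is still only compared with 0 to clear the staticroutes flag and is never OR-ed into `$retval`, so a routing failure would not change what `print_apply_result_box($retval)` reports. I would call it inside `if (is_subsystem_dirty('staticroutes'))`, OR its result into `$retval`, and clear the flag only when it returned 0. `clear_subsystem_dirty('interfaces')` also runs before the outcome is known, as do the unconditional `clear_subsystem_dirty('vip')` and `clear_subsystem_dirty('loadbalancer')` calls in the firewall_virtual_ip.php and load_balancer_*.php hunks, whereas the NAT pages clear the flag only when `$retval == 0`. After a failed apply on those pages the problem message is shown once and the Apply Changes banner is presumably gone, leaving no prompt to retry. The apply block begins outside these hunks.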
@@ -255,15 +255,9 @@ if (isset($_POST['add']) && isset($_POST['if_add'])) { } else { write_config(); - $retval = filter_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = "success"; - } else { - $savemsg = $retval; - $class = "danger"; - } + $changes_applied = true; + $retval = 0; + $retval |= filter_configure(); } } else if (isset($_POST['Submit'])) { @@ -438,7 +432,7 @@ if (isset($_POST['add']) && isset($_POST['if_add'])) { link_interface_to_vlans($realid, "update"); - $savemsg = gettext("Interface has been deleted."); + $action_msg = gettext("Interface has been deleted."); $class = "success"; } } @@ -464,14 +458,14 @@ include("head.inc"); if (file_exists("/var/run/interface_mismatch_reboot_needed")) { if ($_POST) { if ($rebootingnow) { - $savemsg = gettext("The system is now rebooting. Please wait."); + $action_msg = gettext("The system is now rebooting. Please wait."); $class = "success"; } else { $applymsg = gettext("Reboot is needed. Please apply the settings in order to reboot."); $class = "warning"; } } else { - $savemsg = gettext("Interface mismatch detected. Please resolve the mismatch, save and then click 'Apply Changes'. The firewall will reboot afterwards."); + $action_msg = gettext("Interface mismatch detected. Please resolve the mismatch, save and then click 'Apply Changes'. The firewall will reboot afterwards."); $class = "warning"; } } @@ -482,8 +476,10 @@ if (file_exists("/tmp/reload_interfaces")) { echo "
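Review bot: The removed branch in interfaces_assign.php treated the return of `filter_configure()` as possibly being an error string (`stristr($retval, "error")`), while the replacement `$retval |= filter_configure();` is only meaningful for integers. If any of these helpers can still return a non-numeric string, the bitwise OR coerces it to 0 on older PHP (with a warning on 7.x), so the page reports success, and on PHP 8 it raises a TypeError. Whether they can is not visible here, so either confirm they return integers only or normalise first, e.g. `$rc = filter_configure(); $retval |= is_int($rc) ? $rc : 1;`. The same replacement is made in services_igmpproxy.php, system_advanced_firewall.php, system_advanced_misc.php and system_advanced_network.php.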

\n"; } elseif ($applymsg) { print_apply_box($applymsg); -} elseif ($savemsg) { - print_info_box($savemsg, $class); +} elseif ($action_msg) { + print_info_box($action_msg, $class); +} elseif ($changes_applied) { + print_apply_result_box($retval); } pfSense_handle_custom_code("/usr/local/pkg/interfaces_assign/pre_input_errors"); diff --git a/src/usr/local/www/load_balancer_monitor.php b/src/usr/local/www/load_balancer_monitor.php index a6875ca..f85f972 100644 --- a/src/usr/local/www/load_balancer_monitor.php +++ b/src/usr/local/www/load_balancer_monitor.php @@ -43,7 +43,6 @@ if ($_POST) { $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } } @@ -79,8 +78,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/load_balancer_pool.php b/src/usr/local/www/load_balancer_pool.php index d9788cd..48b33ee 100644 --- a/src/usr/local/www/load_balancer_pool.php +++ b/src/usr/local/www/load_balancer_pool.php @@ -47,7 +47,6 @@ if ($_POST) { $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } } @@ -93,8 +92,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/load_balancer_setting.php b/src/usr/local/www/load_balancer_setting.php index 9ae4a95..a8470c3 100644 --- a/src/usr/local/www/load_balancer_setting.php +++ b/src/usr/local/www/load_balancer_setting.php 
@@ -46,7 +46,6 @@ if ($_POST) { $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } else { unset($input_errors); @@ -92,8 +91,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/load_balancer_virtual_server.php b/src/usr/local/www/load_balancer_virtual_server.php index f07c7ac..8082203 100644 --- a/src/usr/local/www/load_balancer_virtual_server.php +++ b/src/usr/local/www/load_balancer_virtual_server.php @@ -45,7 +45,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); /* Wipe out old relayd anchors no longer in use. */ cleanup_lb_marked(); clear_subsystem_dirty('loadbalancer'); @@ -113,8 +112,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('loadbalancer')) { diff --git a/src/usr/local/www/services_captiveportal_mac.php b/src/usr/local/www/services_captiveportal_mac.php index 8e37a1e..79cfee3 100644 --- a/src/usr/local/www/services_captiveportal_mac.php +++ b/src/usr/local/www/services_captiveportal_mac.php @@ -76,7 +76,6 @@ if ($_POST) { mwexec("/sbin/ipfw {$g['tmp_path']}/passthrumac_gui"); @unlink("{$g['tmp_path']}/passthrumac_gui"); } - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('passthrumac'); } @@ -152,8 +151,8 @@ if ($_GET['act'] == "del") { include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('passthrumac')) { 
diff --git a/src/usr/local/www/services_dhcp.php b/src/usr/local/www/services_dhcp.php index 426f1c3..db5ce1c 100644 --- a/src/usr/local/www/services_dhcp.php +++ b/src/usr/local/www/services_dhcp.php @@ -610,39 +610,38 @@ if (isset($_POST['save'])) { } if ((isset($_POST['save']) || isset($_POST['apply'])) && (!$input_errors)) { + $changes_applied = true; $retval = 0; $retvaldhcp = 0; $retvaldns = 0; /* dnsmasq_configure calls dhcpd_configure */ /* no need to restart dhcpd twice */ if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { - $retvaldns = services_dnsmasq_configure(); + $retvaldns |= services_dnsmasq_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); } } else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { - $retvaldns = services_unbound_configure(); + $retvaldns |= services_unbound_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('unbound'); clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); } } else { - $retvaldhcp = services_dhcpd_configure(); + $retvaldhcp |= services_dhcpd_configure(); if ($retvaldhcp == 0) { clear_subsystem_dirty('staticmaps'); } } if ($dhcpd_enable_changed) { - $retvalfc = filter_configure(); + $retvalfc |= filter_configure(); } if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { $retval = 1; } - - $savemsg = get_std_save_message($retval); } if ($act == "delpool") { @@ -733,8 +732,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticmaps')) { diff --git a/src/usr/local/www/services_dhcp_relay.php b/src/usr/local/www/services_dhcp_relay.php index e824b44..fc8e367 100644 --- a/src/usr/local/www/services_dhcp_relay.php +++ b/src/usr/local/www/services_dhcp_relay.php 
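Review bot: `$retvalfc |= filter_configure();` compounds onto a variable that the visible initialisers (`$retval`, `$retvaldhcp`, `$retvaldns`) do not set, so it reads an undefined variable whenever `$dhcpd_enable_changed` is true. The aggregate test `$retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1` also treats any other non-zero status as success, while `print_apply_result_box()` treats every non-zero value as a failure. Adding `$retvalfc = 0;` next to the other initialisers and replacing the test with `$retval = $retvaldhcp | $retvaldns | $retvalfc;` would line the two up. `dhcpv6_apply_changes()` in services_dhcpv6.php has the same pattern, though its initialisers sit above that hunk.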
@@ -114,10 +114,10 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = services_dhcrelay_configure(); - $savemsg = get_std_save_message($retval); - filter_configure(); + $retval |= services_dhcrelay_configure(); + $retval |= filter_configure(); } } @@ -135,8 +135,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $form = new Form; diff --git a/src/usr/local/www/services_dhcpv6.php b/src/usr/local/www/services_dhcpv6.php index 44afcc4..820f89b 100644 --- a/src/usr/local/www/services_dhcpv6.php +++ b/src/usr/local/www/services_dhcpv6.php @@ -44,30 +44,30 @@ function dhcpv6_apply_changes($dhcpdv6_enable_changed) { /* dnsmasq_configure calls dhcpd_configure */ /* no need to restart dhcpd twice */ if (isset($config['dnsmasq']['enable']) && isset($config['dnsmasq']['regdhcpstatic'])) { - $retvaldns = services_dnsmasq_configure(); + $retvaldns |= services_dnsmasq_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('hosts'); clear_subsystem_dirty('staticmaps'); } } else if (isset($config['unbound']['enable']) && isset($config['unbound']['regdhcpstatic'])) { - $retvaldns = services_unbound_configure(); + $retvaldns |= services_unbound_configure(); if ($retvaldns == 0) { clear_subsystem_dirty('unbound'); clear_subsystem_dirty('staticmaps'); } } else { - $retvaldhcp = services_dhcpd_configure(); + $retvaldhcp |= services_dhcpd_configure(); if ($retvaldhcp == 0) { clear_subsystem_dirty('staticmaps'); } } if ($dhcpdv6_enable_changed) { - $retvalfc = filter_configure(); + $retvalfc |= filter_configure(); } if ($retvaldhcp == 1 || $retvaldns == 1 || $retvalfc == 1) { $retval = 1; } - return get_std_save_message($retval); + return $retval; } if (!$g['services_dhcp_server_enable']) { 
@@ -184,7 +184,8 @@ if (is_array($dhcrelaycfg) && isset($dhcrelaycfg['enable']) && isset($dhcrelaycf } if (isset($_POST['apply'])) { - $savemsg = dhcpv6_apply_changes(false); + $changes_applied = true; + $retval = dhcpv6_apply_changes(false); } elseif (isset($_POST['save'])) { unset($input_errors); @@ -459,7 +460,8 @@ if (isset($_POST['apply'])) { write_config(); - $savemsg = dhcpv6_apply_changes($dhcpdv6_enable_changed); + $changes_applied = true; + $retval = dhcpv6_apply_changes($dhcpdv6_enable_changed); } } @@ -492,8 +494,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticmaps')) { diff --git a/src/usr/local/www/services_dhcpv6_relay.php b/src/usr/local/www/services_dhcpv6_relay.php index b6f1964..8f4135b 100644 --- a/src/usr/local/www/services_dhcpv6_relay.php +++ b/src/usr/local/www/services_dhcpv6_relay.php @@ -115,9 +115,9 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = services_dhcrelay6_configure(); - $savemsg = get_std_save_message($retval); + $retval |= services_dhcrelay6_configure(); } } @@ -135,8 +135,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $form = new Form; diff --git a/src/usr/local/www/services_dnsmasq.php b/src/usr/local/www/services_dnsmasq.php index fb74e7b..2885edd 100644 --- a/src/usr/local/www/services_dnsmasq.php +++ b/src/usr/local/www/services_dnsmasq.php @@ -113,8 +113,7 @@ domains_sort(); if ($_POST) { if ($_POST['apply']) { $retval = 0; - $retval = services_dnsmasq_configure(); - $savemsg = get_std_save_message($retval); + $retval |= services_dnsmasq_configure(); // Reload filter (we might need to sync to CARP hosts) filter_configure(); 
@@ -232,8 +231,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('hosts')) { diff --git a/src/usr/local/www/services_igmpproxy.php b/src/usr/local/www/services_igmpproxy.php index f3b8775..5de6aa1 100644 --- a/src/usr/local/www/services_igmpproxy.php +++ b/src/usr/local/www/services_igmpproxy.php @@ -42,15 +42,10 @@ $a_igmpproxy = &$config['igmpproxy']['igmpentry']; if ($_POST) { $pconfig = $_POST; + $changes_applied = true; $retval = 0; /* reload all components that use igmpproxy */ - $retval = services_igmpproxy_configure(); - - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - } else { - $savemsg = $retval; - } + $retval |= services_igmpproxy_configure(); clear_subsystem_dirty('igmpproxy'); } @@ -68,8 +63,8 @@ if ($_GET['act'] == "del") { $pgtitle = array(gettext("Services"), gettext("IGMP Proxy")); include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } if (is_subsystem_dirty('igmpproxy')) { diff --git a/src/usr/local/www/services_ntpd.php b/src/usr/local/www/services_ntpd.php index 2adcfe0..81b1e02 100644 --- a/src/usr/local/www/services_ntpd.php +++ b/src/usr/local/www/services_ntpd.php @@ -151,9 +151,9 @@ if ($_POST) { write_config("Updated NTP Server Settings"); + $changes_applied = true; $retval = 0; - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $retval |= system_ntp_configure(); } } @@ -192,8 +192,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/services_ntpd_acls.php b/src/usr/local/www/services_ntpd_acls.php index 19c057d..ea80ea4 100644 
--- a/src/usr/local/www/services_ntpd_acls.php +++ b/src/usr/local/www/services_ntpd_acls.php @@ -150,9 +150,9 @@ if ($_POST) { write_config("Updated NTP ACL Settings"); + $changes_applied = true; $retval = 0; - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $retval |= system_ntp_configure(); } } @@ -165,8 +165,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/services_ntpd_gps.php b/src/usr/local/www/services_ntpd_gps.php index 971d57e..f06e03e 100644 --- a/src/usr/local/www/services_ntpd_gps.php +++ b/src/usr/local/www/services_ntpd_gps.php @@ -154,8 +154,9 @@ if ($_POST) { write_config(gettext("Updated NTP GPS Settings")); - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $changes_applied = true; + $retval = 0; + $retval |= system_ntp_configure(); } else { /* set defaults if they do not already exist */ if (!is_array($config['ntpd']) || !is_array($config['ntpd']['gps']) || empty($config['ntpd']['gps']['type'])) { @@ -192,6 +193,10 @@ $pgtitle = array(gettext("Services"), gettext("NTP"), gettext("Serial GPS")); $shortcut_section = "ntp"; include("head.inc"); +if ($changes_applied) { + print_apply_result_box($retval); +} + $tab_array = array(); $tab_array[] = array(gettext("Settings"), false, "services_ntpd.php"); $tab_array[] = array(gettext("ACLs"), false, "services_ntpd_acls.php"); diff --git a/src/usr/local/www/services_ntpd_pps.php b/src/usr/local/www/services_ntpd_pps.php index da987f7..c3d70df 100644 --- a/src/usr/local/www/services_ntpd_pps.php +++ b/src/usr/local/www/services_ntpd_pps.php 
@@ -91,9 +91,9 @@ if ($_POST) { write_config("Updated NTP PPS Settings"); + $changes_applied = true; $retval = 0; - $retval = system_ntp_configure(); - $savemsg = get_std_save_message($retval); + $retval |= system_ntp_configure(); } } @@ -107,8 +107,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/services_pppoe.php b/src/usr/local/www/services_pppoe.php index a8b0f03..85b3531 100644 --- a/src/usr/local/www/services_pppoe.php +++ b/src/usr/local/www/services_pppoe.php @@ -59,7 +59,6 @@ if ($_POST) { } $retval = 0; $retval |= filter_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('vpnpppoe'); } } @@ -83,8 +82,8 @@ $pgtitle = array(gettext("Services"), gettext("PPPoE Server")); $shortcut_section = "pppoes"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('vpnpppoe')) { diff --git a/src/usr/local/www/services_router_advertisements.php b/src/usr/local/www/services_router_advertisements.php index e369d37..367aedb 100644 --- a/src/usr/local/www/services_router_advertisements.php +++ b/src/usr/local/www/services_router_advertisements.php @@ -54,7 +54,7 @@ if ($config['installedpackages']['olsrd']) { } if (!$_GET['if']) { - $savemsg = gettext("The DHCPv6 Server can only be enabled on interfaces configured with static, non unique local IP addresses.") . "
" . + $info_msg = gettext("The DHCPv6 Server can only be enabled on interfaces configured with static, non unique local IP addresses.") . "
" . gettext("Only interfaces configured with a static IP will be shown."); } @@ -243,8 +243,9 @@ if ($_POST) { } write_config(); - $retval = services_radvd_configure(); - $savemsg = get_std_save_message($retval); + $changes_applied = true; + $retval = 0; + $retval |= services_radvd_configure(); } } @@ -261,8 +262,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); +} + +if ($info_msg) { + print_info_box($info_msg, 'success'); } /* active tabs */ diff --git a/src/usr/local/www/services_snmp.php b/src/usr/local/www/services_snmp.php index 66caf4f..58bf88e 100644 --- a/src/usr/local/www/services_snmp.php +++ b/src/usr/local/www/services_snmp.php @@ -161,9 +161,9 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = services_snmpd_configure(); - $savemsg = get_std_save_message($retval); + $retval |= services_snmpd_configure(); } } @@ -200,8 +200,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $form = new Form(); diff --git a/src/usr/local/www/services_unbound.php b/src/usr/local/www/services_unbound.php index b79548c..10893d1 100644 --- a/src/usr/local/www/services_unbound.php +++ b/src/usr/local/www/services_unbound.php @@ -88,8 +88,8 @@ if (empty($a_unboundcfg['system_domain_local_zone_type'])) { if ($_POST) { if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= services_unbound_configure(); if ($retval == 0) { clear_subsystem_dirty('unbound'); } @@ -244,8 +244,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('unbound')) { 
diff --git a/src/usr/local/www/services_unbound_acls.php b/src/usr/local/www/services_unbound_acls.php index 1174202..31e2180 100644 --- a/src/usr/local/www/services_unbound_acls.php +++ b/src/usr/local/www/services_unbound_acls.php @@ -99,8 +99,8 @@ if ($_POST) { } if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= services_unbound_configure(); if ($retval == 0) { clear_subsystem_dirty('unbound'); } @@ -185,8 +185,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('unbound')) { diff --git a/src/usr/local/www/services_unbound_advanced.php b/src/usr/local/www/services_unbound_advanced.php index 14bb376..1f869de 100644 --- a/src/usr/local/www/services_unbound_advanced.php +++ b/src/usr/local/www/services_unbound_advanced.php @@ -77,8 +77,8 @@ if (isset($config['unbound']['use_caps'])) { if ($_POST) { if ($_POST['apply']) { - $retval = services_unbound_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= services_unbound_configure(); if ($retval == 0) { clear_subsystem_dirty('unbound'); } @@ -192,8 +192,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('unbound')) { diff --git a/src/usr/local/www/status_lb_pool.php b/src/usr/local/www/status_lb_pool.php index 911e891..7d22242 100644 --- a/src/usr/local/www/status_lb_pool.php +++ b/src/usr/local/www/status_lb_pool.php @@ -68,7 +68,6 @@ if ($_POST) { $retval = 0; $retval |= filter_configure(); $retval |= relayd_configure(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('loadbalancer'); } else { /* Keep a list of servers we find in POST variables */ 
@@ -110,6 +109,10 @@ if (is_subsystem_dirty('loadbalancer')) { print_apply_box(gettext("The load balancer configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); } +if ($_POST['apply']) { + print_apply_result_box($retval); +} + /* active tabs */ $tab_array = array(); $tab_array[] = array(gettext("Pools"), true, "status_lb_pool.php"); diff --git a/src/usr/local/www/status_logs.php b/src/usr/local/www/status_logs.php index 7435974..74f94a9 100644 --- a/src/usr/local/www/status_logs.php +++ b/src/usr/local/www/status_logs.php @@ -99,8 +99,8 @@ if (in_array($logfile, array('system', 'gateways', 'routing', 'resolver', 'wirel } include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } diff --git a/src/usr/local/www/status_logs_common.inc b/src/usr/local/www/status_logs_common.inc index f35b9a2..7a1d9c2 100644 --- a/src/usr/local/www/status_logs_common.inc +++ b/src/usr/local/www/status_logs_common.inc @@ -584,8 +584,10 @@ function manage_log_code() { return; } - global $logfile, $specific_log, $config, $pconfig, $save_settings, $input_errors, $savemsg; + global $logfile, $specific_log, $config, $pconfig, $save_settings, $input_errors, $extra_save_msg, $retval, $changes_applied; + $changes_applied = false; + $extra_save_msg = ""; $specific_log = basename($logfile) . '_settings'; // Common to All Logs 
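Review bot: `manage_log_code()` in status_logs_common.inc now publishes its outcome through the globals `$retval`, `$changes_applied` and `$extra_save_msg`, names generic enough that an including page or a later include can overwrite them before the result box is printed. A short comment at the `global` line listing which variables are outputs of this function, e.g. `// outputs for the caller: $changes_applied, $retval, $extra_save_msg`, would make the coupling with the status_logs*.php pages explicit. The function body starts above this hunk and continues below it.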
@@ -711,37 +713,35 @@ function manage_log_code() { } } + $retval = 0; // If any of the logging settings were changed then backup and sync (standard write_config). Otherwise only write config (don't backup, don't sync). - if ($logging_changed) { - write_config($desc = gettext("Log Display Settings Saved: ") . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); - $retval = 0; - $retval = system_syslogd_start(); - $savemsg = gettext("The changes have been applied successfully."); - } else { - write_config($desc = gettext("Log Display Settings Saved (no backup, no sync): ") . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); - $savemsg = ''; - } + if ($logging_changed) { + write_config($desc = gettext("Log Display Settings Saved: ") . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); + $changes_applied = true; + $retval |= system_syslogd_start(); + } else { + write_config($desc = gettext("Log Display Settings Saved (no backup, no sync): ") . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); + } // Specific to System General (main) Log - if ($logfile == 'system') { - if ($nginx_logging_changed) { - ob_flush(); - flush(); - log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); - send_event("service restart webgui"); - $savemsg .= "
" . gettext("WebGUI process is restarting."); + if ($logfile == 'system') { + if ($nginx_logging_changed) { + ob_flush(); + flush(); + log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); + send_event("service restart webgui"); + $extra_save_msg = gettext("WebGUI process is restarting."); + } } - } // Specific to Firewall Log if ($logfile == 'filter') { if ($firewall_logging_changed) { require_once("filter.inc"); + $changes_applied = true; $retval |= filter_configure(); filter_pflog_start(true); - - $savemsg = get_std_save_message($retval); } } } diff --git a/src/usr/local/www/status_logs_filter.php b/src/usr/local/www/status_logs_filter.php index 4c37c91..2f1b86e 100644 --- a/src/usr/local/www/status_logs_filter.php +++ b/src/usr/local/www/status_logs_filter.php @@ -102,12 +102,11 @@ status_logs_common_code(); $pgtitle = array(gettext("Status"), gettext("System Logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } - // Tab Array tab_array_logs_common(); diff --git a/src/usr/local/www/status_logs_filter_dynamic.php b/src/usr/local/www/status_logs_filter_dynamic.php index 4ea4d4a..04d70c2 100644 --- a/src/usr/local/www/status_logs_filter_dynamic.php +++ b/src/usr/local/www/status_logs_filter_dynamic.php @@ -82,12 +82,11 @@ status_logs_common_code(); $pgtitle = array(gettext("Status"), gettext("System Logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } - // Tab Array tab_array_logs_common(); 
diff --git a/src/usr/local/www/status_logs_filter_summary.php b/src/usr/local/www/status_logs_filter_summary.php index 124d190..333c97e 100644 --- a/src/usr/local/www/status_logs_filter_summary.php +++ b/src/usr/local/www/status_logs_filter_summary.php @@ -67,12 +67,11 @@ status_logs_common_code(); $pgtitle = array(gettext("Status"), gettext("System Logs"), gettext($allowed_logs[$logfile]["name"]), $view_title); include("head.inc"); -if (!$input_errors && $savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); $manage_log_active = false; } - // Tab Array tab_array_logs_common(); diff --git a/src/usr/local/www/status_logs_settings.php b/src/usr/local/www/status_logs_settings.php index 33881ed..fe7f04e 100644 --- a/src/usr/local/www/status_logs_settings.php +++ b/src/usr/local/www/status_logs_settings.php @@ -80,7 +80,7 @@ function is_valid_syslog_server($target) { if ($_POST['resetlogs'] == gettext("Reset Log Files")) { clear_all_log_files(true); - $savemsg .= gettext("The log files have been reset."); + $reset_msg = gettext("The log files have been reset."); } elseif ($_POST) { unset($input_errors); $pconfig = $_POST; @@ -162,8 +162,9 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { write_config(); + $changes_applied = true; $retval = 0; - $retval = system_syslogd_start(); + $retval |= system_syslogd_start(); if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) || ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass'])) || ($oldnologbogons !== isset($config['syslog']['nologbogons'])) || 
@@ -171,14 +172,12 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { $retval |= filter_configure(); } - $savemsg = get_std_save_message($retval); - if ($oldnolognginx !== isset($config['syslog']['nolognginx'])) { ob_flush(); flush(); log_error(gettext("webConfigurator configuration has changed. Restarting webConfigurator.")); send_event("service restart webgui"); - $savemsg .= "
" . gettext("WebGUI process is restarting."); + $extra_save_msg = gettext("WebGUI process is restarting."); } filter_pflog_start(true); @@ -204,8 +203,12 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($reset_msg) { + print_info_box($reset_msg, 'success'); +} + +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); } $tab_array = array(); diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index 83ab5e7..492caa0 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -314,8 +314,9 @@ if ($_POST) { write_config($changedesc); } + $changes_applied = true; $retval = 0; - $retval = system_hostname_configure(); + $retval |= system_hostname_configure(); $retval |= system_hosts_generate(); $retval |= system_resolvconf_generate(); if (isset($config['dnsmasq']['enable'])) { @@ -332,8 +333,6 @@ if ($_POST) { // Reload the filter - plugins might need to be run. $retval |= filter_configure(); - - $savemsg = get_std_save_message($retval); } unset($ignore_posted_dnsgw); @@ -346,8 +345,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } ?>
diff --git a/src/usr/local/www/system_advanced_admin.php b/src/usr/local/www/system_advanced_admin.php index b7207c4..d0da2a3 100644 --- a/src/usr/local/www/system_advanced_admin.php +++ b/src/usr/local/www/system_advanced_admin.php @@ -263,11 +263,12 @@ if ($_POST) { write_config(); - $retval = filter_configure(); - $savemsg = get_std_save_message($retval); + $changes_applied = true; + $retval = 0; + $retval |= filter_configure(); if ($restart_webgui) { - $savemsg .= sprintf("
" . gettext("One moment...redirecting to %s in 20 seconds."), $url); + $extra_save_msg = sprintf("
" . gettext("One moment...redirecting to %s in 20 seconds."), $url); } setup_serial_port(); @@ -287,8 +288,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval, $extra_save_msg); } $tab_array = array(); diff --git a/src/usr/local/www/system_advanced_firewall.php b/src/usr/local/www/system_advanced_firewall.php index 1d0e811..e74d8f5 100644 --- a/src/usr/local/www/system_advanced_firewall.php +++ b/src/usr/local/www/system_advanced_firewall.php @@ -356,15 +356,9 @@ if ($_POST) { killbypid("{$g['varrun_path']}/filterdns.pid"); } + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message($retval); - $class = 'success'; - } else { - $savemsg = $retval; - $class = 'warning'; - } + $retval |= filter_configure(); } } @@ -374,8 +368,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/system_advanced_misc.php b/src/usr/local/www/system_advanced_misc.php index 796a32b..d43d591 100644 --- a/src/usr/local/www/system_advanced_misc.php +++ b/src/usr/local/www/system_advanced_misc.php @@ -265,14 +265,10 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; system_resolvconf_generate(true); - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message(gettext($retval)); - } else { - $savemsg = gettext($retval); - } + $retval |= filter_configure(); activate_powerd(); load_crypto(); @@ -291,8 +287,8 @@ if ($input_errors) { unset($pconfig['doreboot']); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); 
diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index b99dad8..67c80c5 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -129,14 +129,9 @@ if ($_POST) { // Set preferred protocol prefer_ipv4_or_ipv6(); - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message(gettext($retval)); - $class = 'success'; - } else { - $savemsg = gettext($retval); - $class = 'warning'; - } + $changes_applied = true; + $retval = 0; + $retval |= filter_configure(); } } @@ -146,8 +141,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, $class); + +if ($changes_applied) { + print_apply_result_box($retval); } $tab_array = array(); diff --git a/src/usr/local/www/system_advanced_sysctl.php b/src/usr/local/www/system_advanced_sysctl.php index 3ab51fd..a8556b9 100644 --- a/src/usr/local/www/system_advanced_sysctl.php +++ b/src/usr/local/www/system_advanced_sysctl.php @@ -87,7 +87,6 @@ if ($_POST) { if ($_POST['apply']) { $retval = 0; system_setup_sysctl(); - $savemsg = get_std_save_message($retval); clear_subsystem_dirty('sysctl'); } @@ -129,8 +128,8 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('sysctl') && ($act != "edit" )) { diff --git a/src/usr/local/www/system_gateway_groups.php b/src/usr/local/www/system_gateway_groups.php index c8f956d..436faec 100644 --- a/src/usr/local/www/system_gateway_groups.php +++ b/src/usr/local/www/system_gateway_groups.php 
@@ -49,13 +49,12 @@ if ($_POST) { $retval = 0; - $retval = system_routing_configure(); + $retval |= system_routing_configure(); send_multiple_events(array("service reload dyndnsall", "service reload ipsecdns", "filter reload")); /* reconfigure our gateway monitor */ setup_gateways_monitor(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } @@ -106,8 +105,8 @@ $shortcut_section = "gateway-groups"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticroutes')) { diff --git a/src/usr/local/www/system_gateways.php b/src/usr/local/www/system_gateways.php index 9eb95de..2927f0f 100644 --- a/src/usr/local/www/system_gateways.php +++ b/src/usr/local/www/system_gateways.php @@ -53,7 +53,7 @@ if ($_POST) { $retval = 0; - $retval = system_routing_configure(); + $retval |= system_routing_configure(); $retval |= system_resolvconf_generate(); $retval |= filter_configure(); /* reconfigure our gateway monitor */ @@ -61,7 +61,6 @@ if ($_POST) { /* Dynamic DNS on gw groups may have changed */ send_event("service reload dyndnsall"); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } @@ -230,8 +229,9 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); + +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticroutes')) { diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php index ad07c1c..5c25e59 100644 --- a/src/usr/local/www/system_groupmanager_addprivs.php +++ b/src/usr/local/www/system_groupmanager_addprivs.php 
@@ -88,19 +88,13 @@ if ($_POST) { } } - $retval = write_config(); - $savemsg = get_std_save_message($retval); + write_config(); pfSenseHeader("system_groupmanager.php?act=edit&groupid={$groupid}"); exit; } } -/* if ajax is calling, give them an update message */ -if (isAjax()) { - print_info_box($savemsg, 'success'); -} - function build_priv_list() { global $spriv_list, $a_group; @@ -123,10 +117,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Users"), false, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), true, "system_groupmanager.php"); diff --git a/src/usr/local/www/system_routes.php b/src/usr/local/www/system_routes.php index cac6cce..48925c1 100644 --- a/src/usr/local/www/system_routes.php +++ b/src/usr/local/www/system_routes.php @@ -61,12 +61,11 @@ if ($_POST) { @unlink("{$g['tmp_path']}/.system_routes.apply"); } - $retval = system_routing_configure(); + $retval |= system_routing_configure(); $retval |= filter_configure(); /* reconfigure our gateway monitor */ setup_gateways_monitor(); - $savemsg = get_std_save_message($retval); if ($retval == 0) { clear_subsystem_dirty('staticroutes'); } @@ -218,8 +217,8 @@ include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('staticroutes')) { print_apply_box(gettext("The static route configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); diff --git a/src/usr/local/www/system_usermanager_addprivs.php b/src/usr/local/www/system_usermanager_addprivs.php index ee6d416..3b2ec2e 100644 --- a/src/usr/local/www/system_usermanager_addprivs.php +++ b/src/usr/local/www/system_usermanager_addprivs.php @@ -84,8 +84,7 @@ if ($_POST) { $a_user['priv'] = sort_user_privs($a_user['priv']); local_user_set($a_user); - $retval = write_config(); - $savemsg = get_std_save_message($retval); + write_config(); post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid)); @@ -110,21 +109,12 @@ function build_priv_list() { return($list); } -/* if ajax is calling, give them an update message */ -if (isAjax()) { - print_info_box($savemsg, 'success'); -} - include("head.inc"); if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Users"), true, "system_usermanager.php"); $tab_array[] = array(gettext("Groups"), false, "system_groupmanager.php"); diff --git a/src/usr/local/www/vpn_ipsec.php b/src/usr/local/www/vpn_ipsec.php index 64b628d..4a69ad4 100644 --- a/src/usr/local/www/vpn_ipsec.php +++ b/src/usr/local/www/vpn_ipsec.php @@ -50,11 +50,11 @@ $a_phase2 = &$config['ipsec']['phase2']; if ($_POST) { if ($_POST['apply']) { - $retval = vpn_ipsec_configure(); + $ipsec_dynamic_hosts = vpn_ipsec_configure(); /* reload the filter in the background */ - filter_configure(); - $savemsg = get_std_save_message($retval); - if ($retval >= 0) { + $retval = 0; + $retval |= filter_configure(); + if ($ipsec_dynamic_hosts >= 0) { if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } 
@@ -228,13 +228,13 @@ $tab_array[] = array(gettext("Pre-Shared Keys"), false, "vpn_ipsec_keys.php"); $tab_array[] = array(gettext("Advanced Settings"), false, "vpn_ipsec_settings.php"); display_top_tabs($tab_array); - if ($savemsg) { - print_info_box($savemsg, 'success'); - } +if ($_POST['apply']) { + print_apply_result_box($retval); +} - if (is_subsystem_dirty('ipsec')) { - print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); - } +if (is_subsystem_dirty('ipsec')) { + print_apply_box(gettext("The IPsec tunnel configuration has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); +} ?>
diff --git a/src/usr/local/www/vpn_ipsec_keys.php b/src/usr/local/www/vpn_ipsec_keys.php index 46b2e7a..25acd38 100644 --- a/src/usr/local/www/vpn_ipsec_keys.php +++ b/src/usr/local/www/vpn_ipsec_keys.php @@ -50,10 +50,10 @@ foreach ($config['system']['user'] as $id => $user) { } if (isset($_POST['apply'])) { - $retval = vpn_ipsec_configure(); + vpn_ipsec_configure(); /* reload the filter in the background */ - filter_configure(); - $savemsg = get_std_save_message($retval); + $retval = 0; + $retval |= filter_configure(); if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } @@ -74,8 +74,8 @@ $shortcut_section = "ipsec"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg); +if ($_POST['apply']) { + print_apply_result_box($retval); } if (is_subsystem_dirty('ipsec')) { diff --git a/src/usr/local/www/vpn_ipsec_mobile.php b/src/usr/local/www/vpn_ipsec_mobile.php index 05df61d..f9c0dde 100644 --- a/src/usr/local/www/vpn_ipsec_mobile.php +++ b/src/usr/local/www/vpn_ipsec_mobile.php @@ -129,9 +129,8 @@ if ($_POST['create']) { if ($_POST['apply']) { $retval = 0; /* NOTE: #4353 Always restart ipsec when mobile clients settings change */ - $retval = vpn_ipsec_configure(true); - $savemsg = get_std_save_message($retval); - if ($retval >= 0) { + $ipsec_dynamic_hosts = vpn_ipsec_configure(true); + if ($ipsec_dynamic_hosts >= 0) { if (is_subsystem_dirty('ipsec')) { clear_subsystem_dirty('ipsec'); } @@ -400,8 +399,8 @@ include("head.inc"); " . gettext("The changes must be applied for them to take effect.")); diff --git a/src/usr/local/www/vpn_ipsec_settings.php b/src/usr/local/www/vpn_ipsec_settings.php index 4360837..3bcfa1d 100644 --- a/src/usr/local/www/vpn_ipsec_settings.php +++ b/src/usr/local/www/vpn_ipsec_settings.php 
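Review bot: The apply branches in vpn_ipsec_keys.php and vpn_ipsec_mobile.php no longer let the outcome of `vpn_ipsec_configure()` reach `$retval`: in keys the return value is dropped and `$retval` carries only the `filter_configure()` result, and in mobile `$retval` is left at 0. The apply hunk for vpn_ipsec.php earlier in this commit has the same shape, with `$ipsec_dynamic_hosts` used only to decide whether the dirty flag is cleared. A failed IPsec reload could therefore still be presented as applied successfully while the tunnel settings are not in effect. Consider `if ($ipsec_dynamic_hosts < 0) { $retval |= 1; }` before the result box is printed. What a negative return means should be confirmed against vpn_ipsec_configure(), which is outside these hunks.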
@@ -172,15 +172,9 @@ if ($_POST) { write_config(); + $changes_applied = true; $retval = 0; - $retval = filter_configure(); - if (stristr($retval, "error") <> true) { - $savemsg = get_std_save_message(gettext($retval)); - $class = 'success'; - } else { - $savemsg = gettext($retval); - $class = 'warning'; - } + $retval |= filter_configure(); vpn_ipsec_configure($needsrestart); @@ -220,8 +214,8 @@ function maxmss_checked(obj) { Date: Tue, 3 Jan 2017 14:01:02 +0545 Subject: Ignore return from system_syslogd_start system_syslogd_start returns the retrn value from mwexec_bg, which is the PID of the background process. It is not an error status. So do not use it here. --- src/usr/local/www/status_logs_common.inc | 5 ++--- src/usr/local/www/status_logs_settings.php | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/status_logs_common.inc b/src/usr/local/www/status_logs_common.inc index 7a1d9c2..be05902 100644 --- a/src/usr/local/www/status_logs_common.inc +++ b/src/usr/local/www/status_logs_common.inc @@ -714,12 +714,12 @@ function manage_log_code() { } $retval = 0; + $changes_applied = true; // If any of the logging settings were changed then backup and sync (standard write_config). Otherwise only write config (don't backup, don't sync). if ($logging_changed) { write_config($desc = gettext("Log Display Settings Saved: ") . gettext($allowed_logs[$logfile]["name"]), $backup = true, $write_config_only = false); - $changes_applied = true; - $retval |= system_syslogd_start(); + system_syslogd_start(); } else { write_config($desc = gettext("Log Display Settings Saved (no backup, no sync): ") . gettext($allowed_logs[$logfile]["name"]), $backup = false, $write_config_only = true); } @@ -739,7 +739,6 @@ function manage_log_code() { if ($logfile == 'filter') { if ($firewall_logging_changed) { require_once("filter.inc"); - $changes_applied = true; $retval |= filter_configure(); filter_pflog_start(true); } 
diff --git a/src/usr/local/www/status_logs_settings.php b/src/usr/local/www/status_logs_settings.php index fe7f04e..add7a80 100644 --- a/src/usr/local/www/status_logs_settings.php +++ b/src/usr/local/www/status_logs_settings.php @@ -164,7 +164,7 @@ if ($_POST['resetlogs'] == gettext("Reset Log Files")) { $changes_applied = true; $retval = 0; - $retval |= system_syslogd_start(); + system_syslogd_start(); if (($oldnologdefaultblock !== isset($config['syslog']['nologdefaultblock'])) || ($oldnologdefaultpass !== isset($config['syslog']['nologdefaultpass'])) || ($oldnologbogons !== isset($config['syslog']['nologbogons'])) || -- cgit v1.1 From 3cb0c7c312d4c17cb75e8ce9fff3a28c706d76a5 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Tue, 3 Jan 2017 14:05:26 +0545 Subject: vpn_ipsec_settings - do not redirect on save When the user presses save, and there are no input errors, the data is saved - good. But the page redirects away to itself, which is not necessary. It is preventing the "saved successfully" message from being seen. --- src/usr/local/www/vpn_ipsec_settings.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_ipsec_settings.php b/src/usr/local/www/vpn_ipsec_settings.php index 3bcfa1d..fa24a53 100644 --- a/src/usr/local/www/vpn_ipsec_settings.php +++ b/src/usr/local/www/vpn_ipsec_settings.php @@ -177,9 +177,6 @@ if ($_POST) { $retval |= filter_configure(); vpn_ipsec_configure($needsrestart); - - header("Location: vpn_ipsec_settings.php"); - return; } // The logic value sent by $POST for autoexcludelanaddress is opposite to -- cgit v1.1 From c854afcc3d7830414a2514a640248a5b239569a3 Mon Sep 17 00:00:00 2001 
From: jim-p Date: Tue, 3 Jan 2017 10:28:59 -0500 Subject: Add --tls-crypt support for OpenVPN servers and clients. Implements #7071 --- src/usr/local/www/vpn_openvpn_client.php | 35 +++++++++++++++++++++------- src/usr/local/www/vpn_openvpn_server.php | 39 +++++++++++++++++++++++++------- 2 files changed, 58 insertions(+), 16 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index a8089c8..94f6381 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -31,7 +31,7 @@ require_once("guiconfig.inc"); require_once("openvpn.inc"); require_once("pkg-utils.inc"); -global $openvpn_topologies; +global $openvpn_topologies, $openvpn_tls_modes; if (!is_array($config['openvpn']['openvpn-client'])) { $config['openvpn']['openvpn-client'] = array(); @@ -137,6 +137,7 @@ if ($_GET['act'] == "edit") { if ($a_client[$id]['tls']) { $pconfig['tlsauth_enable'] = "yes"; $pconfig['tls'] = base64_decode($a_client[$id]['tls']); + $pconfig['tls_type'] = $a_server[$id]['tls_type']; } } else { $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); @@ -289,7 +290,10 @@ if ($_POST) { if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) { if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { - $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); + $input_errors[] = gettext("The field 'TLS Key' does not appear to be valid"); + } + if (!in_array($pconfig['tls_type'], array_keys($openvpn_tls_modes))) { + $input_errors[] = gettext("The field 'TLS Key Usage Mode' is not valid"); } } 
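Review bot: In the vpn_openvpn_client.php edit hunk the added line reads `$a_server[$id]['tls_type']`, while every neighbouring line reads from `$a_client[$id]`. On the client page this most likely yields an empty value, so the select falls back to `'auth'` through the `empty($pconfig['tls_type']) ? 'auth'` default in the form hunk. Saving an edited client would then replace a stored non-default key usage mode with authentication-only without the user choosing it. The line should be `$pconfig['tls_type'] = $a_client[$id]['tls_type'];`.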
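Review bot: The `tls_type` check in the validation hunk sits inside `if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable'])`, yet the save hunk stores `$client['tls_type'] = $pconfig['tls_type'];` right after the auto-generate path. A request with `autotls_enable` set therefore appears to write an unchecked value into the configuration. Run the mode check whenever `tlsauth_enable` is set, and make it a strict key lookup: `if (!array_key_exists($pconfig['tls_type'], $openvpn_tls_modes))`. vpn_openvpn_server.php carries the same pair of hunks. The enclosing `if ($_POST)` block starts and ends outside the hunks.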
@@ -365,6 +369,7 @@ if ($_POST) { $pconfig['tls'] = openvpn_create_key(); } $client['tls'] = base64_encode($pconfig['tls']); + $client['tls_type'] = $pconfig['tls_type']; } } else { $client['shared_key'] = base64_encode($pconfig['shared_key']); @@ -564,25 +569,38 @@ if ($act=="new" || $act=="edit"): $section->addInput(new Form_Checkbox( 'tlsauth_enable', - 'TLS authentication', - 'Enable authentication of TLS packets.', + 'TLS Configuration', + 'Use a TLS Key', $pconfig['tlsauth_enable'] - )); + ))->setHelp("A TLS key enhances security of an OpenVPN connection by requiring both parties to have a common key before a peer can perform a TLS handshake. " . + "This layer of HMAC authentication allows control channel packets without the proper key to be dropped, protecting the peers from attack or unauthorized connections." . + "The TLS Key does not have any effect on tunnel data."); if (!$pconfig['tls']) { $section->addInput(new Form_Checkbox( 'autotls_enable', null, - 'Automatically generate a shared TLS authentication key.', + 'Automatically generate a TLS Key.', $pconfig['autotls_enable'] )); } $section->addInput(new Form_Textarea( 'tls', - 'Key', + 'TLS Key', $pconfig['tls'] - ))->setHelp('Paste the shared key here'); + ))->setHelp("Paste the TLS key here." . + "
" . + "This key is used to sign control channel packets with an HMAC signature for authentication when establishing the tunnel. "); + + $section->addInput(new Form_Select( + 'tls_type', + 'TLS Key Usage Mode', + empty($pconfig['tls_type']) ? 'auth':$pconfig['tls_type'], + $openvpn_tls_modes + ))->setHelp("In Authentication mode the TLS key is used only as HMAC authentication for the control channel, protecting the peers from unauthorized connections. " . + "
" . + "Encryption and Authentication mode also encrypts control channel communication, providing more privacy and traffic control channel obfuscation."); if (count($a_ca)) { $list = array(); @@ -900,6 +918,7 @@ events.push(function() { // Process "Automatically generate a shared TLS authentication key" checkbox function autotls_change() { hideInput('tls', $('#autotls_enable').prop('checked') || !$('#tlsauth_enable').prop('checked')); + hideInput('tls_type', $('#autotls_enable').prop('checked') || !$('#tlsauth_enable').prop('checked')); } // ---------- Monitor elements for change and call the appropriate display functions ------------------------------ diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 0468e22..a093f63 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -31,7 +31,7 @@ require_once("guiconfig.inc"); require_once("openvpn.inc"); require_once("pkg-utils.inc"); -global $openvpn_topologies; +global $openvpn_topologies, $openvpn_tls_modes; if (!is_array($config['openvpn']['openvpn-server'])) { $config['openvpn']['openvpn-server'] = array(); @@ -132,6 +132,7 @@ if ($_GET['act'] == "edit") { if ($a_server[$id]['tls']) { $pconfig['tlsauth_enable'] = "yes"; $pconfig['tls'] = base64_decode($a_server[$id]['tls']); + $pconfig['tls_type'] = $a_server[$id]['tls_type']; } $pconfig['caref'] = $a_server[$id]['caref']; 
@@ -329,7 +330,10 @@ if ($_POST) { if ($tls_mode && $pconfig['tlsauth_enable'] && !$pconfig['autotls_enable']) { if (!strstr($pconfig['tls'], "-----BEGIN OpenVPN Static key V1-----") || !strstr($pconfig['tls'], "-----END OpenVPN Static key V1-----")) { - $input_errors[] = gettext("The field 'TLS Authentication Key' does not appear to be valid"); + $input_errors[] = gettext("The field 'TLS Key' does not appear to be valid"); + } + if (!in_array($pconfig['tls_type'], array_keys($openvpn_tls_modes))) { + $input_errors[] = gettext("The field 'TLS Key Usage Mode' is not valid"); } } @@ -476,6 +480,7 @@ if ($_POST) { $pconfig['tls'] = openvpn_create_key(); } $server['tls'] = base64_encode($pconfig['tls']); + $server['tls_type'] = $pconfig['tls_type']; } $server['caref'] = $pconfig['caref']; $server['crlref'] = $pconfig['crlref']; @@ -697,25 +702,38 @@ if ($act=="new" || $act=="edit"): $section->addInput(new Form_Checkbox( 'tlsauth_enable', - 'TLS authentication', - 'Enable authentication of TLS packets.', + 'TLS Configuration', + 'Use a TLS Key', $pconfig['tlsauth_enable'] - )); + ))->setHelp("A TLS key enhances security of an OpenVPN connection by requiring both parties to have a common key before a peer can perform a TLS handshake. " . + "This layer of HMAC authentication allows control channel packets without the proper key to be dropped, protecting the peers from attack or unauthorized connections." . + "The TLS Key does not have any effect on tunnel data."); if (!$pconfig['tls']) { $section->addInput(new Form_Checkbox( 'autotls_enable', null, - 'Automatically generate a shared TLS authentication key.', + 'Automatically generate a TLS Key.', $pconfig['autotls_enable'] )); } $section->addInput(new Form_Textarea( 'tls', - 'Key', + 'TLS Key', $pconfig['tls'] - ))->setHelp('Paste the shared key here'); + ))->setHelp("Paste the TLS key here." . + "
" . + "This key is used to sign control channel packets with an HMAC signature for authentication when establishing the tunnel. "); + + $section->addInput(new Form_Select( + 'tls_type', + 'TLS Key Usage Mode', + empty($pconfig['tls_type']) ? 'auth':$pconfig['tls_type'], + $openvpn_tls_modes + ))->setHelp("In Authentication mode the TLS key is used only as HMAC authentication for the control channel, protecting the peers from unauthorized connections. " . + "
" . + "Encryption and Authentication mode also encrypts control channel communication, providing more privacy and traffic control channel obfuscation."); if (count($a_ca)) { @@ -1313,6 +1331,7 @@ events.push(function() { case "server_tls": case "server_user": hideInput('tls', false); + hideInput('tls_type', false); hideInput('certref', false); hideInput('dh_length', false); hideInput('ecdh_curve', false); @@ -1325,6 +1344,7 @@ events.push(function() { break; case "server_tls_user": hideInput('tls', false); + hideInput('tls_type', false); hideInput('certref', false); hideInput('dh_length', false); hideInput('ecdh_curve', false); @@ -1337,6 +1357,7 @@ events.push(function() { break; case "p2p_shared_key": hideInput('tls', true); + hideInput('tls_type', true); hideInput('caref', true); hideInput('crlref', true); hideLabel('Peer Certificate Revocation list', true); @@ -1420,10 +1441,12 @@ events.push(function() { function autotls_change() { if (($('#mode').val() == 'p2p_shared_key') || (!$('#tlsauth_enable').prop('checked'))) { hideInput('tls', true); + hideInput('tls_type', true); hideInput('autotls_enable', true); } else { hideInput('autotls_enable', false); hideInput('tls', $('#autotls_enable').prop('checked') || !$('#tlsauth_enable').prop('checked')); + hideInput('tls_type', $('#autotls_enable').prop('checked') || !$('#tlsauth_enable').prop('checked')); } } -- cgit v1.1 From b8b6a303312b29f927df2b3f679195ab1f051447 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 3 Jan 2017 10:39:34 -0500 Subject: Add some help text to OpenVPN client/server for encryption and auth digest. --- src/usr/local/www/vpn_openvpn_client.php | 8 ++++++-- src/usr/local/www/vpn_openvpn_server.php | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 94f6381..e92d99f 100644 --- a/src/usr/local/www/vpn_openvpn_client.php 
+++ b/src/usr/local/www/vpn_openvpn_client.php @@ -662,14 +662,18 @@ if ($act=="new" || $act=="edit"): 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist() - )); + ))->setHelp('The Encryption Algorithm used for data channel packets.'); $section->addInput(new Form_Select( 'digest', 'Auth digest algorithm', $pconfig['digest'], openvpn_get_digestlist() - ))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. '); + ))->setHelp('The algorithm used to authenticate data channel packets, and control channel packets if a TLS Key is present.' . + '
' . + 'When an AEAD Encryption Algorithm mode is used, such as AES-GCM, this digest is used for the control channel only, not the data channel.' . + '
' . + 'Leave this set to SHA1 unless the server uses a different value. SHA1 is the default for OpenVPN. '); $section->addInput(new Form_Select( 'engine', diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index a093f63..7cb744b 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -838,14 +838,18 @@ if ($act=="new" || $act=="edit"): 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist() - )); + ))->setHelp('The Encryption Algorithm used for data channel packets.'); $section->addInput(new Form_Select( 'digest', 'Auth digest algorithm', $pconfig['digest'], openvpn_get_digestlist() - ))->setHelp('Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. '); + ))->setHelp('The algorithm used to authenticate data channel packets, and control channel packets if a TLS Key is present.' . + '
' . + 'When an AEAD Encryption Algorithm mode is used, such as AES-GCM, this digest is used for the control channel only, not the data channel.' . + '
' . + 'Leave this set to SHA1 unless all clients are set to match. SHA1 is the default for OpenVPN. '); $section->addInput(new Form_Select( 'engine', -- cgit v1.1 From 457c4151266e9a8a7ce5576275abe5c9212502e0 Mon Sep 17 00:00:00 2001 From: scherma Date: Tue, 3 Jan 2017 23:16:25 +0000 Subject: GUI auth refresh timer preference --- src/usr/local/www/system_usermanager_settings.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 5a4e322..aa2c94c 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -146,6 +146,12 @@ if ($_POST) { unset($config['system']['webgui']['authmode']); } + if (isset($_POST['auth_refresh_time']) && $_POST['auth_refresh_time'] != "") { + $config['system']['webgui']['auth_refresh_time'] = intval($_POST['auth_refresh_time']); + } else { + unset($config['system']['webgui']['auth_refresh_time']); + } + write_config(); } @@ -199,6 +205,15 @@ $section->addInput(new Form_Select( $auth_servers )); +$section->addInput(new Form_Input( + 'auth_refresh_time', + 'Auth Refresh Time', + 'number', + $pconfig['auth_refresh_time'], + ['min' => 0, 'max' => 3600] +))->setHelp('Time in seconds to cache authentication results. The default is 30 seconds, maximum 3600 (one hour). '. + 'Shorter times result in more frequent queries to auth services, and more logs generated.'); + $form->addGlobal(new Form_Button( 'savetest', 'Save & Test', -- cgit v1.1 From 47ec605dc39fb0e3f1d4360dbcd35def43e33999 Mon Sep 17 00:00:00 2001 From: scherma Date: Tue, 3 Jan 2017 23:23:02 +0000 Subject: Enable setting auth refresh time in GUI --- src/usr/local/www/system_usermanager_settings.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'src/usr/local') 
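Review bot: The save hunk in system_usermanager_settings.php stores `intval($_POST['auth_refresh_time'])` without enforcing the 0–3600 range; the `min`/`max` attributes on the Form_Input in the second hunk are only browser-side hints. A negative or very large value would be written to the config, and an over-long cache lifetime delays the effect of disabling an account or changing its privileges on the auth server. Check the value server-side before the assignment, for example `filter_var($_POST['auth_refresh_time'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 3600]]) === false`, and reject it the way this page reports other input errors. The same two hunks recur in the following commit (47ec605d).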
diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 5a4e322..865e496 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -145,6 +145,12 @@ if ($_POST) { } else { unset($config['system']['webgui']['authmode']); } + + if (isset($_POST['auth_refresh_time']) && $_POST['auth_refresh_time'] != "") { + $config['system']['webgui']['auth_refresh_time'] = intval($_POST['auth_refresh_time']); + } else { + unset($config['system']['webgui']['auth_refresh_time']); + } write_config(); @@ -199,6 +205,15 @@ $section->addInput(new Form_Select( $auth_servers )); +$section->addInput(new Form_Input( + 'auth_refresh_time', + 'Auth Refresh Time', + 'number', + $pconfig['auth_refresh_time'], + ['min' => 0, 'max' => 3600] +))->setHelp('Time in seconds to cache authentication results. The default is 30 seconds, maximum 3600 (one hour). '. + 'Shorter times result in more frequent queries to auth services, and more logs generated.'); + $form->addGlobal(new Form_Button( 'savetest', 'Save & Test', -- cgit v1.1 From b743ea87552124be92c2b4de014c06a160ba3ef7 Mon Sep 17 00:00:00 2001 From: jim-p Date: Tue, 3 Jan 2017 21:35:20 -0500 Subject: Add some more help text to OpenVPN pages. --- src/usr/local/www/vpn_openvpn_client.php | 34 +++++++++++++++++--------------- src/usr/local/www/vpn_openvpn_server.php | 9 +++++---- 2 files changed, 23 insertions(+), 20 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index e92d99f..467e198 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php 
@@ -463,15 +463,16 @@ if ($act=="new" || $act=="edit"): 'dev_mode', 'Device mode', empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'], - array_combine($openvpn_dev_mode, $openvpn_dev_mode) - )); + $openvpn_dev_mode + ))->setHelp("\"tun\" mode carries IPv4 and IPv6 (OSI layer 3) and is the most common and compatible mode across all platforms." . + "
\"tap\" mode is capable of carrying 802.3 (OSI Layer 2.)"); $section->addInput(new Form_Select( 'interface', 'Interface', $pconfig['interface'], openvpn_build_if_list() - )); + ))->setHelp("The interface used by the firewall to originate this OpenVPN client connection"); $section->addInput(new Form_Input( 'local_port', @@ -486,21 +487,30 @@ if ($act=="new" || $act=="edit"): 'Server host or address', 'text', $pconfig['server_addr'] - )); + ))->setHelp("The IP address or hostname of the OpenVPN server."); + + $section->addInput(new Form_Checkbox( + 'resolve_retry', + 'Server hostname resolution', + 'Infinitely resolve server ', + $pconfig['resolve_retry'] + ))->setHelp('Continuously attempt to resolve the server host name. ' . + 'Useful when communicating with a server that is not permanently connected to the Internet.'); $section->addInput(new Form_Input( 'server_port', 'Server port', 'number', $pconfig['server_port'] - )); + ))->setHelp("The port used by the server to receive client connections."); $section->addInput(new Form_Input( 'proxy_addr', 'Proxy host or address', 'text', $pconfig['proxy_addr'] - )); + ))->setHelp("The address for an HTTP Proxy this client can use to connect to a remote server." . + "
TCP must be used for the client and server protocol."); $section->addInput(new Form_Input( 'proxy_port', @@ -511,10 +521,10 @@ if ($act=="new" || $act=="edit"): $section->addInput(new Form_Select( 'proxy_authtype', - 'Proxy Auth. - Extra options', + 'Proxy Authentication', $pconfig['proxy_authtype'], array('none' => gettext('none'), 'basic' => gettext('basic'), 'ntlm' => gettext('ntlm')) - )); + ))->setHelp("The type of authentication used by the proxy server."); $section->addInput(new Form_Input( 'proxy_user', @@ -530,14 +540,6 @@ if ($act=="new" || $act=="edit"): $pconfig['proxy_passwd'] )); - $section->addInput(new Form_Checkbox( - 'resolve_retry', - 'Server hostname resolution', - 'Infinitely resolve server ', - $pconfig['resolve_retry'] - ))->setHelp('Continuously attempt to resolve the server host name. ' . - 'Useful when communicating with a server that is not permanently connected to the Internet.'); - $section->addInput(new Form_Input( 'description', 'Description', diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 7cb744b..c53197a 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -671,15 +671,16 @@ if ($act=="new" || $act=="edit"): 'dev_mode', 'Device mode', empty($pconfig['dev_mode']) ? 'tun':$pconfig['dev_mode'], - array_combine($openvpn_dev_mode, $openvpn_dev_mode) - )); + $openvpn_dev_mode + ))->setHelp("\"tun\" mode carries IPv4 and IPv6 (OSI layer 3) and is the most common and compatible mode across all platforms." . + "
\"tap\" mode is capable of carrying 802.3 (OSI Layer 2.)"); $section->addInput(new Form_Select( 'interface', 'Interface', $pconfig['interface'], openvpn_build_if_list() - )); + ))->setHelp("The interface or Virtual IP address where OpenVPN will receive client connections."); $section->addInput(new Form_Input( 'local_port', @@ -687,7 +688,7 @@ if ($act=="new" || $act=="edit"): 'number', $pconfig['local_port'], ['min' => '0'] - )); + ))->setHelp("The port used by OpenVPN to receive client connections."); $section->addInput(new Form_Input( 'description', -- cgit v1.1 From 61d1ca3e0ffb0fb6a397edb8ca5d88f039787140 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Wed, 4 Jan 2017 15:30:45 +0545 Subject: Make appropriate success or danger boxes in system_crlmanager When there is a problem, the messages should be in a "danger" box. Note: It is a bit difficult to actual get the danger messages to appear in the UI, because the relevant "delete" buttons are not shown in the UI when delete is not valid. But it can be tested by starting to edit a CRL that is in use, then change the "edit=" to "del=" in the URL bar and send it. --- src/usr/local/www/system_crlmanager.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_crlmanager.php b/src/usr/local/www/system_crlmanager.php index 58ea4cd..f5d3b3d 100644 --- a/src/usr/local/www/system_crlmanager.php +++ b/src/usr/local/www/system_crlmanager.php @@ -82,12 +82,14 @@ if (!$thiscrl && (($act != "") && ($act != "new"))) { pfSenseHeader("system_crlmanager.php"); $act=""; $savemsg = gettext("Invalid CRL reference."); + $class = "danger"; } if ($act == "del") { $name = htmlspecialchars($thiscrl['descr']); if (crl_in_use($id)) { $savemsg = sprintf(gettext("Certificate Revocation List %s is in use and cannot be deleted."), $name); + $class = "danger"; } else { foreach ($a_crl as $cid => $acrl) { if ($acrl['refid'] == $thiscrl['refid']) { 
@@ -96,6 +98,7 @@ if ($act == "del") { } write_config("Deleted CRL {$name}."); $savemsg = sprintf(gettext("Certificate Revocation List %s successfully deleted."), $name); + $class = "success"; } } @@ -177,12 +180,14 @@ if ($act == "delcert") { $crlname = htmlspecialchars($thiscrl['descr']); if (cert_unrevoke($thiscert, $thiscrl)) { $savemsg = sprintf(gettext("Deleted Certificate %s from CRL %s."), $certname, $crlname); + $class = "success"; // refresh IPsec and OpenVPN CRLs openvpn_refresh_crls(); vpn_ipsec_configure(); write_config($savemsg); } else { $savemsg = sprintf(gettext("Failed to delete Certificate %s from CRL %s."), $certname, $crlname); + $class = "danger"; } $act="edit"; } @@ -327,7 +332,7 @@ if ($input_errors) { } if ($savemsg) { - print_info_box($savemsg, 'success'); + print_info_box($savemsg, $class); } $tab_array = array(); -- cgit v1.1 From 24a4f2ef15a09740a1c13850f85dc345f08cd653 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Wed, 4 Jan 2017 15:37:39 +0545 Subject: Remove unused print_info_box($savemsg) These are files that make no use of $savemsg. May as well remove the print_info_box($savemsg) to avoid future confusion for maintainers wondering why it is there. --- src/usr/local/www/services_captiveportal.php | 4 ---- src/usr/local/www/services_captiveportal_hostname.php | 4 ---- src/usr/local/www/services_captiveportal_ip.php | 4 ---- src/usr/local/www/services_captiveportal_vouchers_edit.php | 4 ---- src/usr/local/www/services_captiveportal_zones.php | 4 ---- src/usr/local/www/services_checkip_edit.php | 4 ---- src/usr/local/www/services_dyndns_edit.php | 4 ---- src/usr/local/www/services_pppoe_edit.php | 4 ---- src/usr/local/www/services_rfc2136_edit.php | 4 ---- 9 files changed, 36 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/services_captiveportal.php b/src/usr/local/www/services_captiveportal.php index 4922a07..14a9293 100644 --- a/src/usr/local/www/services_captiveportal.php 
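Review bot: The `del` branch touched here changes configuration (`write_config("Deleted CRL {$name}.")`) and appears to be reachable from a plain GET request, since the commit description exercises it by editing the URL. Where `$act` is read is outside these hunks, so this is inferred. If it does come from the query string, the branch should run only for POST, so that whatever request-forgery protection the GUI applies to form posts covers it, for example `if ($act == "del" && $_SERVER['REQUEST_METHOD'] === 'POST') {`, with the delete links turned into form posts. The `delcert` branch in the `@@ -177,12 +180,14 @@` hunk changes configuration the same way and deserves the same treatment.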
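Review bot: `print_info_box($savemsg, $class)` in the last hunk now depends on `$class` having been assigned, but the commit sets it only on the branches it touches. Any other path that sets `$savemsg` would pass an undefined variable and lose the box styling; none is visible in these hunks, so this needs checking against the full file. Initialising it once before the `$act` handling, `$class = "success";`, keeps the previous default and leaves the danger cases as the explicit exception.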
+++ b/src/usr/local/www/services_captiveportal.php @@ -512,10 +512,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Configuration"), true, "services_captiveportal.php?zone={$cpzone}"); $tab_array[] = array(gettext("MACs"), false, "services_captiveportal_mac.php?zone={$cpzone}"); diff --git a/src/usr/local/www/services_captiveportal_hostname.php b/src/usr/local/www/services_captiveportal_hostname.php index d93dd79..433f5b9 100644 --- a/src/usr/local/www/services_captiveportal_hostname.php +++ b/src/usr/local/www/services_captiveportal_hostname.php @@ -98,10 +98,6 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Configuration"), false, "services_captiveportal.php?zone={$cpzone}"); $tab_array[] = array(gettext("MACs"), false, "services_captiveportal_mac.php?zone={$cpzone}"); diff --git a/src/usr/local/www/services_captiveportal_ip.php b/src/usr/local/www/services_captiveportal_ip.php index b2da179..0a729eb 100644 --- a/src/usr/local/www/services_captiveportal_ip.php +++ b/src/usr/local/www/services_captiveportal_ip.php @@ -92,10 +92,6 @@ if ($_GET['act'] == "del" && !empty($cpzone) && isset($cpzoneid)) { include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $tab_array = array(); $tab_array[] = array(gettext("Configuration"), false, "services_captiveportal.php?zone={$cpzone}"); $tab_array[] = array(gettext("MACs"), false, "services_captiveportal_mac.php?zone={$cpzone}"); diff --git a/src/usr/local/www/services_captiveportal_vouchers_edit.php b/src/usr/local/www/services_captiveportal_vouchers_edit.php index bad9d32..8f3e1e0 100644 --- a/src/usr/local/www/services_captiveportal_vouchers_edit.php +++ b/src/usr/local/www/services_captiveportal_vouchers_edit.php 
@@ -175,10 +175,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $form = new Form(); $section = new Form_Section('Voucher Rolls'); diff --git a/src/usr/local/www/services_captiveportal_zones.php b/src/usr/local/www/services_captiveportal_zones.php index 12f301c..6454a2a 100644 --- a/src/usr/local/www/services_captiveportal_zones.php +++ b/src/usr/local/www/services_captiveportal_zones.php @@ -60,10 +60,6 @@ $pgtitle = array(gettext("Services"), gettext("Captive Portal")); $shortcut_section = "captiveportal"; include("head.inc"); -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - if (is_subsystem_dirty('captiveportal')) { print_apply_box(gettext("The Captive Portal entry list has been changed.") . "
" . gettext("The changes must be applied for them to take effect.")); } diff --git a/src/usr/local/www/services_checkip_edit.php b/src/usr/local/www/services_checkip_edit.php index 932366e..2774c27 100644 --- a/src/usr/local/www/services_checkip_edit.php +++ b/src/usr/local/www/services_checkip_edit.php @@ -110,10 +110,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $form = new Form; $section = new Form_Section('Check IP Service'); diff --git a/src/usr/local/www/services_dyndns_edit.php b/src/usr/local/www/services_dyndns_edit.php index 55860f0..ffd3cc4 100644 --- a/src/usr/local/www/services_dyndns_edit.php +++ b/src/usr/local/www/services_dyndns_edit.php @@ -244,10 +244,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $form = new Form; $section = new Form_Section('Dynamic DNS Client'); diff --git a/src/usr/local/www/services_pppoe_edit.php b/src/usr/local/www/services_pppoe_edit.php index 633af97..014f21d 100644 --- a/src/usr/local/www/services_pppoe_edit.php +++ b/src/usr/local/www/services_pppoe_edit.php @@ -285,10 +285,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $form = new Form(); $section = new Form_Section('PPPoE Server Configuration'); diff --git a/src/usr/local/www/services_rfc2136_edit.php b/src/usr/local/www/services_rfc2136_edit.php index 41a7c5b..4ca7cb8 100644 --- a/src/usr/local/www/services_rfc2136_edit.php +++ b/src/usr/local/www/services_rfc2136_edit.php @@ -152,10 +152,6 @@ if ($input_errors) { print_input_errors($input_errors); } -if ($savemsg) { - print_info_box($savemsg, 'success'); -} - $form = new Form; $section = new Form_Section('RFC 2136 Client'); -- cgit v1.1 From c6aca57dcfa8d1f5d19c1c50a1ef8fec3e2aba1f Mon Sep 17 00:00:00 2001 
From: scherma Date: Wed, 4 Jan 2017 11:24:38 +0000 Subject: Remove duplicated if block --- src/usr/local/www/system_usermanager_settings.php | 6 ------ 1 file changed, 6 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 08be2a4..865e496 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -152,12 +152,6 @@ if ($_POST) { unset($config['system']['webgui']['auth_refresh_time']); } - if (isset($_POST['auth_refresh_time']) && $_POST['auth_refresh_time'] != "") { - $config['system']['webgui']['auth_refresh_time'] = intval($_POST['auth_refresh_time']); - } else { - unset($config['system']['webgui']['auth_refresh_time']); - } - write_config(); } -- cgit v1.1 From bd07fbdb4b81fc358b8fa55b06469dde7a3870df Mon Sep 17 00:00:00 2001 From: Steve Beaver Date: Wed, 4 Jan 2017 13:12:55 -0500 Subject: Partial solution to #7072 Requires "Back-end" stuff to actually use this, and should be copied to the client page too --- src/usr/local/www/vpn_openvpn_server.php | 103 ++++++++++++++++++++++++++++++- 1 file changed, 100 insertions(+), 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index c53197a..0900294 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -96,6 +96,8 @@ if ($_GET['act'] == "del") { } if ($_GET['act'] == "new") { + $pconfig['ncp_enable'] = "enabled"; + $pconfig['ncp-ciphers'] = "AES-256-GCM, AES-128-GCM"; $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; 
@@ -117,7 +119,9 @@ if ($_GET['act'] == "edit") { $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; $pconfig['authmode'] = $a_server[$id]['authmode']; - $pconfig['dev_mode'] = $a_server[$id]['dev_mode']; + $pconfig['ncp-ciphers'] = $a_server[$id]['ncp-ciphers']; + $pconfig['ncp_enable'] = $a_server[$id]['ncp_enable']; + $pconfig['dev_mode'] = $a_server[$id]['ncp_enable']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { @@ -242,8 +246,8 @@ if ($_GET['act'] == "edit") { $pconfig['push_register_dns'] = $a_server[$id]['push_register_dns']; } } -if ($_POST) { +if ($_POST) { unset($input_errors); $pconfig = $_POST; @@ -444,6 +448,7 @@ if ($_POST) { $input_errors[] = gettext("The Server Bridge DHCP range is invalid (start higher than end)."); } } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, $input_errors); if (!$input_errors) { @@ -570,6 +575,12 @@ if ($_POST) { $server['duplicate_cn'] = true; } + if (!empty($pconfig['ncp-ciphers'])) { + $server['ncp-ciphers'] = implode(",", $pconfig['ncp-ciphers']); + } + + $server['ncp_enable'] = $pconfig['ncp_enable'] ? "enabled":"disabled"; + if (isset($id) && $a_server[$id]) { $a_server[$id] = $server; } else { @@ -583,6 +594,11 @@ if ($_POST) { header("Location: vpn_openvpn_server.php"); exit; } + + if (!empty($pconfig['ncp-ciphers'])) { + $pconfig['ncp-ciphers'] = implode(",", $pconfig['ncp-ciphers']); + } + if (!empty($pconfig['authmode'])) { $pconfig['authmode'] = implode(",", $pconfig['authmode']); } 
@@ -640,9 +656,14 @@ if ($act=="new" || $act=="edit"): $options = array(); $authmodes = array(); - $authmodes = explode(",", $pconfig['authmode']); + $auth_servers = auth_get_authserver_list(); + + foreach (explode(",", $pconfig['ncp-ciphers']) as $cipher) { + $ncp_ciphers_list[$cipher] = $cipher; + } + // If no authmodes set then default to selecting the first entry in auth_servers if (empty($authmodes[0]) && !empty(key($auth_servers))) { $authmodes[0] = key($auth_servers); @@ -841,6 +862,45 @@ if ($act=="new" || $act=="edit"): openvpn_get_cipherlist() ))->setHelp('The Encryption Algorithm used for data channel packets.'); + $section->addInput(new Form_Checkbox( + 'ncp_enable', + 'Enable NCP', + 'Check this option to allow OpenVPN clients and servers to negotiate a compatible set of acceptable cryptographic ' . + 'Encryption Algorithms from those selected in the NCP Encryption Algorithms list below.', + ($pconfig['ncp_enable'] == "enabled") + ))->setHelp('
' . sprint_info_box('When both peers support NCP and have it enabled, NCP overrides the Encryption Algorithm above.' . '
' . + 'When disabled, only the selected Encryption Algorithm is allowed.', 'info', false) . '
'); + + $group = new Form_Group('NCP Algorithms'); + + $group->add(new Form_Select( + 'availciphers', + null, + array(), + openvpn_get_cipherlist(), + true + ))->setAttribute('size', '10') + ->setHelp('Available algorithms
Click to add or remove an algorithm from the list'); + + $group->add(new Form_Select( + 'ncp-ciphers', + null, + array(), + $ncp_ciphers_list, + true + ))->setReadonly() + ->setAttribute('size', '10') + ->setHelp('Algorithm list. Click an algorithm name to remove it from the list'); + + $group->setHelp('Available NCP Encryption Algorithms / Allowed NCP Encryption Algorithms' . + '
' . sprint_info_box( + 'Click an NCP Encryption Algorithm in the left-side list to add or remove it from the Allowed NCP Encryption Algorithms list.' . '
' . + 'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' . + 'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) . + '
'); + + $section->add($group); + $section->addInput(new Form_Select( 'digest', 'Auth digest algorithm', @@ -1671,6 +1731,43 @@ events.push(function() { $('#certtype').html(errmsg); }); + function updateCiphers(mem) { + var found = false; + + // If the cipher exists, remove it + $('[id="ncp-ciphers[]"] option').each(function() { + if($(this).val() == mem) { + $(this).remove(); + found = true; + } + }); + + // If not, add it + if (!found) { + $('[id="ncp-ciphers[]"]').append(new Option(mem , mem)); + } + + // Unselect all options + $('[id="availciphers[]"] option:selected').removeAttr("selected"); + } + + // On click, update the ciphers list + $('[id="availciphers[]"]').click(function () { + updateCiphers($(this).val()); + }); + + // On click, remove the cipher from the list + $('[id="ncp-ciphers[]"]').click(function () { + updateCiphers($(this).val()); + }); + + // Make sure hte "Availlable ciphers" selector is not submitted with the form, + // and select all of the chosen ciphers so that they are submitted + $('form').submit(function() { + $("#availciphers" ).prop( "disabled", true); + $('[id="ncp-ciphers[]"] option').attr("selected", "selected"); + }); + // ---------- Set initial page display state ---------------------------------------------------------------------- mode_change(); autokey_change(); -- cgit v1.1 From 6c00adf3316d2c5214f7e9cf2e5f138c32845d58 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 13:17:24 -0500 Subject: Fix copy/paste error --- src/usr/local/www/vpn_openvpn_server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 0900294..fffbb8c 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php 
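Review bot: The submit handler disables `$("#availciphers")`, but every other selector in this hunk addresses the element as `[id="availciphers[]"]`, so the id apparently carries the `[]` suffix and `#availciphers` matches nothing. The "available" list would then still be posted with the form, which is exactly what the comment above the handler says must not happen. Use the same attribute selector: `$('[id="availciphers[]"]').prop("disabled", true);`. The identical handler is added to vpn_openvpn_client.php in a later commit on this page and needs the same change; the enclosing `events.push(function() {` body starts outside the hunk.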
@@ -121,7 +121,7 @@ if ($_GET['act'] == "edit") { $pconfig['authmode'] = $a_server[$id]['authmode']; $pconfig['ncp-ciphers'] = $a_server[$id]['ncp-ciphers']; $pconfig['ncp_enable'] = $a_server[$id]['ncp_enable']; - $pconfig['dev_mode'] = $a_server[$id]['ncp_enable']; + $pconfig['dev_mode'] = $a_server[$id]['dev_mode']; $pconfig['interface'] = $a_server[$id]['interface']; if (!empty($a_server[$id]['ipaddr'])) { -- cgit v1.1 From 9d773c1792832948a119068434b76d1fd8e5bfb0 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 13:36:39 -0500 Subject: Fix NCP defaults when editing an OpenVPN server, some help changes/fixes for NCP as well. --- src/usr/local/www/vpn_openvpn_server.php | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index fffbb8c..8fd8438 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -119,8 +119,16 @@ if ($_GET['act'] == "edit") { $pconfig['mode'] = $a_server[$id]['mode']; $pconfig['protocol'] = $a_server[$id]['protocol']; $pconfig['authmode'] = $a_server[$id]['authmode']; - $pconfig['ncp-ciphers'] = $a_server[$id]['ncp-ciphers']; - $pconfig['ncp_enable'] = $a_server[$id]['ncp_enable']; + if (isset($a_server[$id]['ncp-ciphers'])) { + $pconfig['ncp-ciphers'] = $a_server[$id]['ncp-ciphers']; + } else { + $pconfig['ncp-ciphers'] = "AES-256-GCM,AES-128-GCM"; + } + if (isset($a_server[$id]['ncp_enable'])) { + $pconfig['ncp_enable'] = $a_server[$id]['ncp_enable']; + } else { + $pconfig['ncp_enable'] = "enabled"; + } $pconfig['dev_mode'] = $a_server[$id]['dev_mode']; $pconfig['interface'] = $a_server[$id]['interface']; 
@@ -860,15 +868,16 @@ if ($act=="new" || $act=="edit"): 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist() - ))->setHelp('The Encryption Algorithm used for data channel packets.'); + ))->setHelp('The Encryption Algorithm used for data channel packets when Negotiable Cryptographic Parameter (NCP) support is not available.'); $section->addInput(new Form_Checkbox( 'ncp_enable', 'Enable NCP', - 'Check this option to allow OpenVPN clients and servers to negotiate a compatible set of acceptable cryptographic ' . - 'Encryption Algorithms from those selected in the NCP Encryption Algorithms list below.', + 'Enable Negotiable Cryptographic Parameters', ($pconfig['ncp_enable'] == "enabled") - ))->setHelp('
' . sprint_info_box('When both peers support NCP and have it enabled, NCP overrides the Encryption Algorithm above.' . '
' . + ))->setHelp( 'Check this option to allow OpenVPN clients and servers to negotiate a compatible set of acceptable cryptographic ' . + 'Encryption Algorithms from those selected in the NCP Algorithms list below.' . + '
' . sprint_info_box('When both peers support NCP and have it enabled, NCP overrides the Encryption Algorithm above.' . '
' . 'When disabled, only the selected Encryption Algorithm is allowed.', 'info', false) . '
'); $group = new Form_Group('NCP Algorithms'); @@ -880,7 +889,7 @@ if ($act=="new" || $act=="edit"): openvpn_get_cipherlist(), true ))->setAttribute('size', '10') - ->setHelp('Available algorithms
Click to add or remove an algorithm from the list'); + ->setHelp('Available NCP Encryption Algorithms
Click to add or remove an algorithm from the list'); $group->add(new Form_Select( 'ncp-ciphers', @@ -890,11 +899,10 @@ if ($act=="new" || $act=="edit"): true ))->setReadonly() ->setAttribute('size', '10') - ->setHelp('Algorithm list. Click an algorithm name to remove it from the list'); + ->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list'); - $group->setHelp('Available NCP Encryption Algorithms / Allowed NCP Encryption Algorithms' . + $group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' . '
' . sprint_info_box( - 'Click an NCP Encryption Algorithm in the left-side list to add or remove it from the Allowed NCP Encryption Algorithms list.' . '
' . 'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' . 'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) . '
'); -- cgit v1.1 From a5978b9adc8cac57040a9abedd01f9993567a59a Mon Sep 17 00:00:00 2001 From: scherma Date: Wed, 4 Jan 2017 18:58:43 +0000 Subject: Server side validation and description amendment --- src/usr/local/www/system_usermanager_settings.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 865e496..8782818 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -117,6 +117,13 @@ if ($_POST) { $input_errors[] = gettext("Session timeout must be an integer value."); } } + + if (isset($_POST['auth_refresh_time'])) { + $timeout = intval($_POST['auth_refresh_time']); + if ($timeout != "" && (!is_numeric($timeout) || $timeout < 0 || $timeout > 3600 )) { + $input_errors[] = gettext("Authentication refresh time must be an integer between 0 and 3600 (inclusive)."); + } + } if (($_POST['authmode'] == "Local Database") && $_POST['savetest']) { $savemsg = gettext("Settings have been saved, but the test was not performed because it is not supported for local databases."); @@ -212,7 +219,7 @@ $section->addInput(new Form_Input( $pconfig['auth_refresh_time'], ['min' => 0, 'max' => 3600] ))->setHelp('Time in seconds to cache authentication results. The default is 30 seconds, maximum 3600 (one hour). '. - 'Shorter times result in more frequent queries to auth services, and more logs generated.'); + 'Shorter times result in more frequent queries to authentication servers.'); $form->addGlobal(new Form_Button( 'savetest', -- cgit v1.1 From d66cfa3d2a0dec1c30931aa9a3b8458069eb373e Mon Sep 17 00:00:00 2001 
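Review bot: `is_numeric($timeout)` can never fail in the added check because `$timeout` has already been through `intval()`, so non-numeric or partly numeric input such as `12abc` is coerced instead of rejected and only the range test has any effect. Validate the raw string and convert afterwards: `$timeout = $_POST['auth_refresh_time'];` followed by `if ($timeout != "" && (!ctype_digit($timeout) || $timeout > 3600)) {`. Because this value controls how long authentication results are cached, rejecting malformed input is preferable to silently storing a coerced number. The enclosing `if ($_POST)` block continues outside the hunk.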
From: jim-p Date: Wed, 4 Jan 2017 14:10:18 -0500 Subject: Validate the submitted Encryption Algorithm and NCP Algorithm list. Ticket #7072 --- src/usr/local/www/vpn_openvpn_server.php | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 8fd8438..4c9ae64 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -265,6 +265,11 @@ if ($_POST) { $vpnid = 0; } + $cipher_validation_list = array_keys(openvpn_get_cipherlist()); + if (!in_array($pconfig['crypto'], $cipher_validation_list)) { + $input_errors[] = gettext("The selected Encryption Algorithm is not valid."); + } + list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']); if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { $input_errors[] = gettext("Protocol and IP address families do not match. An IPv6 protocol and an IPv4 IP address cannot be selected."); @@ -423,6 +428,12 @@ if ($_POST) { $input_errors[] = gettext("The specified ECDH Curve is invalid."); } + foreach ($pconfig['ncp-ciphers'] as $ncpc) { + if (!in_array($ncpc, $cipher_validation_list)) { + $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); + } + } + $reqdfields = explode(" ", "caref certref"); $reqdfieldsn = array(gettext("Certificate Authority"), gettext("Certificate")); } elseif (!$pconfig['autokey_enable']) { -- cgit v1.1 From a095e8b278c82b2bab4884d3d14b2289105554b7 Mon Sep 17 00:00:00 2001 From: scherma Date: Wed, 4 Jan 2017 19:13:10 +0000 Subject: Load current saved value to display in GUI --- src/usr/local/www/system_usermanager_settings.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index 8782818..cfc7ae7 100644 
--- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php @@ -102,6 +102,8 @@ if (isset($config['system']['webgui']['authmode'])) { $pconfig['backend'] = &$config['system']['webgui']['backend']; +$pconfig['auth_refresh_time'] = &$config['system']['webgui']['auth_refresh_time']; + // Page title for main admin $pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Settings")); -- cgit v1.1 From 9423ff32abaf2626ff82b5e7a86f82a389a9a454 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 14:45:29 -0500 Subject: Whitespace fixes. Ticket #7072 --- src/usr/local/www/vpn_openvpn_server.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 4c9ae64..7e9637f 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -1755,16 +1755,16 @@ events.push(function() { // If the cipher exists, remove it $('[id="ncp-ciphers[]"] option').each(function() { - if($(this).val() == mem) { - $(this).remove(); + if($(this).val() == mem) { + $(this).remove(); found = true; - } + } }); // If not, add it - if (!found) { + if (!found) { $('[id="ncp-ciphers[]"]').append(new Option(mem , mem)); - } + } // Unselect all options $('[id="availciphers[]"] option:selected').removeAttr("selected"); -- cgit v1.1 From fa351dd3c13e65dfabfb0f2ac2ed72b332276892 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 14:45:50 -0500 Subject: Add NCP options to OpenVPN client. Fixes #7072 --- src/usr/local/www/vpn_openvpn_client.php | 113 ++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 467e198..197452d 100644 --- a/src/usr/local/www/vpn_openvpn_client.php 
+++ b/src/usr/local/www/vpn_openvpn_client.php @@ -90,6 +90,8 @@ if ($_GET['act'] == "del") { } if ($_GET['act'] == "new") { + $pconfig['ncp_enable'] = "enabled"; + $pconfig['ncp-ciphers'] = "AES-256-GCM, AES-128-GCM"; $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; @@ -129,6 +131,16 @@ if ($_GET['act'] == "edit") { $pconfig['description'] = $a_client[$id]['description']; $pconfig['custom_options'] = $a_client[$id]['custom_options']; $pconfig['ns_cert_type'] = $a_client[$id]['ns_cert_type']; + if (isset($a_client[$id]['ncp-ciphers'])) { + $pconfig['ncp-ciphers'] = $a_client[$id]['ncp-ciphers']; + } else { + $pconfig['ncp-ciphers'] = "AES-256-GCM,AES-128-GCM"; + } + if (isset($a_client[$id]['ncp_enable'])) { + $pconfig['ncp_enable'] = $a_client[$id]['ncp_enable']; + } else { + $pconfig['ncp_enable'] = "enabled"; + } $pconfig['dev_mode'] = $a_client[$id]['dev_mode']; if ($pconfig['mode'] != "p2p_shared_key") { @@ -181,6 +193,11 @@ if ($_POST) { $vpnid = 0; } + $cipher_validation_list = array_keys(openvpn_get_cipherlist()); + if (!in_array($pconfig['crypto'], $cipher_validation_list)) { + $input_errors[] = gettext("The selected Encryption Algorithm is not valid."); + } + list($iv_iface, $iv_ip) = explode ("|", $pconfig['interface']); if (is_ipaddrv4($iv_ip) && (stristr($pconfig['protocol'], "6") !== false)) { $input_errors[] = gettext("Protocol and IP address families do not match. An IPv6 protocol and an IPv4 IP address cannot be selected."); @@ -303,6 +320,11 @@ if ($_POST) { /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { + foreach ($pconfig['ncp-ciphers'] as $ncpc) { + if (!in_array($ncpc, $cipher_validation_list)) { + $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); + } + } $reqdfields = explode(" ", "caref"); $reqdfieldsn = array(gettext("Certificate Authority")); } elseif (!$pconfig['autokey_enable']) { 
@@ -390,6 +412,12 @@ if ($_POST) { $client['route_no_exec'] = $pconfig['route_no_exec']; $client['verbosity_level'] = $pconfig['verbosity_level']; + if (!empty($pconfig['ncp-ciphers'])) { + $client['ncp-ciphers'] = implode(",", $pconfig['ncp-ciphers']); + } + + $client['ncp_enable'] = $pconfig['ncp_enable'] ? "enabled":"disabled"; + if (isset($id) && $a_client[$id]) { $a_client[$id] = $client; } else { @@ -402,6 +430,10 @@ if ($_POST) { header("Location: vpn_openvpn_client.php"); exit; } + + if (!empty($pconfig['ncp-ciphers'])) { + $pconfig['ncp-ciphers'] = implode(",", $pconfig['ncp-ciphers']); + } } $pgtitle = array(gettext("VPN"), gettext("OpenVPN"), gettext("Clients")); @@ -664,7 +696,49 @@ if ($act=="new" || $act=="edit"): 'Encryption Algorithm', $pconfig['crypto'], openvpn_get_cipherlist() - ))->setHelp('The Encryption Algorithm used for data channel packets.'); + ))->setHelp('The Encryption Algorithm used for data channel packets when Negotiable Cryptographic Parameter (NCP) support is not available.'); + + $section->addInput(new Form_Checkbox( + 'ncp_enable', + 'Enable NCP', + 'Enable Negotiable Cryptographic Parameters', + ($pconfig['ncp_enable'] == "enabled") + ))->setHelp( 'Check this option to allow OpenVPN clients and servers to negotiate a compatible set of acceptable cryptographic ' . + 'Encryption Algorithms from those selected in the NCP Algorithms list below.' . + '
' . sprint_info_box('When both peers support NCP and have it enabled, NCP overrides the Encryption Algorithm above.' . '
' . + 'When disabled, only the selected Encryption Algorithm is allowed.', 'info', false) . '
'); + + foreach (explode(",", $pconfig['ncp-ciphers']) as $cipher) { + $ncp_ciphers_list[$cipher] = $cipher; + } + $group = new Form_Group('NCP Algorithms'); + + $group->add(new Form_Select( + 'availciphers', + null, + array(), + openvpn_get_cipherlist(), + true + ))->setAttribute('size', '10') + ->setHelp('Available NCP Encryption Algorithms
Click to add or remove an algorithm from the list'); + + $group->add(new Form_Select( + 'ncp-ciphers', + null, + array(), + $ncp_ciphers_list, + true + ))->setReadonly() + ->setAttribute('size', '10') + ->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list'); + + $group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' . + '
' . sprint_info_box( + 'For backward compatibility, when an older peer connects that does not support NCP, OpenVPN will use the Encryption Algorithm ' . + 'requested by the peer so long as it is selected in this list or chosen as the Encryption Algorithm.', 'info', false) . + '
'); + + $section->add($group); $section->addInput(new Form_Select( 'digest', @@ -959,6 +1033,43 @@ events.push(function() { autotls_change(); }); + function updateCiphers(mem) { + var found = false; + + // If the cipher exists, remove it + $('[id="ncp-ciphers[]"] option').each(function() { + if($(this).val() == mem) { + $(this).remove(); + found = true; + } + }); + + // If not, add it + if (!found) { + $('[id="ncp-ciphers[]"]').append(new Option(mem , mem)); + } + + // Unselect all options + $('[id="availciphers[]"] option:selected').removeAttr("selected"); + } + + // On click, update the ciphers list + $('[id="availciphers[]"]').click(function () { + updateCiphers($(this).val()); + }); + + // On click, remove the cipher from the list + $('[id="ncp-ciphers[]"]').click(function () { + updateCiphers($(this).val()); + }); + + // Make sure hte "Availlable ciphers" selector is not submitted with the form, + // and select all of the chosen ciphers so that they are submitted + $('form').submit(function() { + $("#availciphers" ).prop( "disabled", true); + $('[id="ncp-ciphers[]"] option').attr("selected", "selected"); + }); + // ---------- Set initial page display state ---------------------------------------------------------------------- mode_change(); autokey_change(); -- cgit v1.1 From e2f0ad13b5c1305c03f5104819ec096d077e496b Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 15:28:28 -0500 Subject: Some improvements to the NCP validation. Ticket #7072 --- src/usr/local/www/vpn_openvpn_client.php | 8 +++++--- src/usr/local/www/vpn_openvpn_server.php | 8 +++++--- 2 files changed, 10 insertions(+), 6 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 197452d..2e7b554 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php 
@@ -320,9 +320,11 @@ if ($_POST) { /* If we are not in shared key mode, then we need the CA/Cert. */ if ($pconfig['mode'] != "p2p_shared_key") { - foreach ($pconfig['ncp-ciphers'] as $ncpc) { - if (!in_array($ncpc, $cipher_validation_list)) { - $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); + if (($pconfig['ncp_enable'] != "disabled") && !empty($pconfig['ncp-ciphers']) && is_array($pconfig['ncp-ciphers'])) { + foreach ($pconfig['ncp-ciphers'] as $ncpc) { + if (!in_array($ncpc, $cipher_validation_list)) { + $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); + } } } $reqdfields = explode(" ", "caref"); diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 7e9637f..cfaefa2 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -428,9 +428,11 @@ if ($_POST) { $input_errors[] = gettext("The specified ECDH Curve is invalid."); } - foreach ($pconfig['ncp-ciphers'] as $ncpc) { - if (!in_array($ncpc, $cipher_validation_list)) { - $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); + if (($pconfig['ncp_enable'] != "disabled") && !empty($pconfig['ncp-ciphers']) && is_array($pconfig['ncp-ciphers'])) { + foreach ($pconfig['ncp-ciphers'] as $ncpc) { + if (!in_array($ncpc, $cipher_validation_list)) { + $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); + } } } -- cgit v1.1 From 625b688ca4a7db168e9b2cea6c319728981cff00 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 15:35:08 -0500 Subject: Fix NCP breaking save on a new server/client. Ticket #7072 --- src/usr/local/www/vpn_openvpn_client.php | 4 ++-- src/usr/local/www/vpn_openvpn_server.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src/usr/local') 
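Review bot: The new guard makes the NCP check fail open, here and in the matching vpn_openvpn_server.php hunk. When `ncp_enable` is not "disabled" and `ncp-ciphers` arrives as a non-empty scalar rather than an array, the `foreach` is skipped and no error is recorded. How the value is consumed after validation is outside these hunks, so reject the unexpected shape explicitly: `} elseif (($pconfig['ncp_enable'] != "disabled") && !empty($pconfig['ncp-ciphers'])) { $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); }`. Passing `true` as the third argument of `in_array()` keeps the comparison strict, and a `break` after the first failure avoids one duplicate message per bad entry. The enclosing `if ($_POST)` block starts and ends outside the hunk.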
diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 2e7b554..fba3d43 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -91,7 +91,7 @@ if ($_GET['act'] == "del") { if ($_GET['act'] == "new") { $pconfig['ncp_enable'] = "enabled"; - $pconfig['ncp-ciphers'] = "AES-256-GCM, AES-128-GCM"; + $pconfig['ncp-ciphers'] = "AES-256-GCM,AES-128-GCM"; $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; @@ -322,7 +322,7 @@ if ($_POST) { if ($pconfig['mode'] != "p2p_shared_key") { if (($pconfig['ncp_enable'] != "disabled") && !empty($pconfig['ncp-ciphers']) && is_array($pconfig['ncp-ciphers'])) { foreach ($pconfig['ncp-ciphers'] as $ncpc) { - if (!in_array($ncpc, $cipher_validation_list)) { + if (!in_array(trim($ncpc), $cipher_validation_list)) { $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); } } diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index cfaefa2..e9d397a 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -97,7 +97,7 @@ if ($_GET['act'] == "del") { if ($_GET['act'] == "new") { $pconfig['ncp_enable'] = "enabled"; - $pconfig['ncp-ciphers'] = "AES-256-GCM, AES-128-GCM"; + $pconfig['ncp-ciphers'] = "AES-256-GCM,AES-128-GCM"; $pconfig['autokey_enable'] = "yes"; $pconfig['tlsauth_enable'] = "yes"; $pconfig['autotls_enable'] = "yes"; @@ -430,7 +430,7 @@ if ($_POST) { if (($pconfig['ncp_enable'] != "disabled") && !empty($pconfig['ncp-ciphers']) && is_array($pconfig['ncp-ciphers'])) { foreach ($pconfig['ncp-ciphers'] as $ncpc) { - if (!in_array($ncpc, $cipher_validation_list)) { + if (!in_array(trim($ncpc), $cipher_validation_list)) { $input_errors[] = gettext("One or more of the selected NCP Algorithms is not valid."); } } -- cgit v1.1 
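Review bot: `trim($ncpc)` is applied only inside the `in_array()` test, so an entry such as " AES-128-GCM" passes validation while the untrimmed string stays in `$pconfig['ncp-ciphers']`. The same holds for the vpn_openvpn_server.php hunk. The code that stores the list is outside these hunks, so whether it trims again cannot be confirmed from here. Normalising once before the loop keeps the checked value and the stored value identical: `$pconfig['ncp-ciphers'] = array_map('trim', $pconfig['ncp-ciphers']);`.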
From a075265e0a076419813622e0d69556915b6f40f2 Mon Sep 17 00:00:00 2001 From: stilez Date: Wed, 4 Jan 2017 20:52:39 +0000 Subject: Various wording changes --- src/usr/local/www/system_advanced_network.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index f5fdf73..9028b04 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -169,14 +169,14 @@ $group->add(new Form_Checkbox( $group->add(new Form_Input( 'ipv6nat_ipaddr', - 'IP address of tunneling peer', + 'Tunnel Peer\'s IP Address', 'text', $pconfig['ipv6nat_ipaddr'] ))->setHelp('The IPv4 address of the tunneling peer'); -$group->setHelp('These options create an RFC 2893 compatible mechanism for IPv4 NAT encapsulation of IPv6 packets, that can be used ' . - 'to tunnel IPv6 packets over IPv4 routing infrastructures. A firewall rule to allow passing of IPv6 packets ' . - 'must also be created.'); +$group->setHelp('These options create an RFC 2893 compatible mechanism for IPv4 NAT encapsulation of IPv6 packets, ' . + 'that can be used to tunnel IPv6 packets over IPv4 routing infrastructures. A firewall rule to pass IPv6 packets ' . + 'is also necessary.'); $section->add($group); -- cgit v1.1 From 414aa3596b25a2ecf98b63d1a774ba7d92b7e76c Mon Sep 17 00:00:00 2001 
From: Renato Botelho Date: Wed, 4 Jan 2017 18:53:20 -0200 Subject: Remove direct calls to /sbin/ifconfig destroy by pfSense_interface_destroy() --- src/usr/local/www/interfaces.php | 2 +- src/usr/local/www/interfaces_bridge.php | 2 +- src/usr/local/www/interfaces_gif.php | 2 +- src/usr/local/www/interfaces_gre.php | 2 +- src/usr/local/www/interfaces_lagg.php | 2 +- src/usr/local/www/interfaces_qinq.php | 2 +- src/usr/local/www/interfaces_wireless.php | 2 +- src/usr/local/www/interfaces_wireless_edit.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/interfaces.php b/src/usr/local/www/interfaces.php index a63144d..fcb5763 100755 --- a/src/usr/local/www/interfaces.php +++ b/src/usr/local/www/interfaces.php @@ -1611,7 +1611,7 @@ function check_wireless_mode() { if (!interface_wireless_clone("{$wlanif}_", $wancfg)) { $input_errors[] = sprintf(gettext("Unable to change mode to %s. The maximum number of wireless clones supported in this mode may have been reached."), $wlan_modes[$wancfg['wireless']['mode']]); } else { - mwexec("/sbin/ifconfig " . escapeshellarg($wlanif) . "_ destroy"); + pfSense_interface_destroy("{$wlanif}_"); } $wancfg['wireless']['mode'] = $old_wireless_mode; } diff --git a/src/usr/local/www/interfaces_bridge.php b/src/usr/local/www/interfaces_bridge.php index c9631d7..359af1c 100644 --- a/src/usr/local/www/interfaces_bridge.php +++ b/src/usr/local/www/interfaces_bridge.php @@ -60,7 +60,7 @@ if ($_GET['act'] == "del") { if (!does_interface_exist($a_bridges[$_GET['id']]['bridgeif'])) { log_error("Bridge interface does not exist, skipping ifconfig destroy."); } else { - mwexec("/sbin/ifconfig " . $a_bridges[$_GET['id']]['bridgeif'] . " destroy"); + pfSense_interface_destroy($a_bridges[$_GET['id']]['bridgeif']); } unset($a_bridges[$_GET['id']]); diff --git a/src/usr/local/www/interfaces_gif.php b/src/usr/local/www/interfaces_gif.php index 1797092..b0581ec 100644 
--- a/src/usr/local/www/interfaces_gif.php +++ b/src/usr/local/www/interfaces_gif.php @@ -56,7 +56,7 @@ if ($_GET['act'] == "del") { } else if (gif_inuse($_GET['id'])) { $input_errors[] = gettext("This gif TUNNEL cannot be deleted because it is still being used as an interface."); } else { - mwexec("/sbin/ifconfig " . $a_gifs[$_GET['id']]['gifif'] . " destroy"); + pfSense_interface_destroy($a_gifs[$_GET['id']]['gifif']); unset($a_gifs[$_GET['id']]); write_config(); diff --git a/src/usr/local/www/interfaces_gre.php b/src/usr/local/www/interfaces_gre.php index a69edd6..9f2d8c0 100644 --- a/src/usr/local/www/interfaces_gre.php +++ b/src/usr/local/www/interfaces_gre.php @@ -57,7 +57,7 @@ if ($_GET['act'] == "del") { } else if (gre_inuse($_GET['id'])) { $input_errors[] = gettext("This GRE tunnel cannot be deleted because it is still being used as an interface."); } else { - mwexec("/sbin/ifconfig " . $a_gres[$_GET['id']]['greif'] . " destroy"); + pfSense_interface_destroy($a_gres[$_GET['id']]['greif']); unset($a_gres[$_GET['id']]); write_config(); diff --git a/src/usr/local/www/interfaces_lagg.php b/src/usr/local/www/interfaces_lagg.php index c521558..23deb7d 100644 --- a/src/usr/local/www/interfaces_lagg.php +++ b/src/usr/local/www/interfaces_lagg.php @@ -63,7 +63,7 @@ if ($_GET['act'] == "del") { } else if (lagg_inuse($_GET['id'])) { $input_errors[] = gettext("This LAGG interface cannot be deleted because it is still being used."); } else { - mwexec_bg("/sbin/ifconfig " . $a_laggs[$_GET['id']]['laggif'] . " destroy"); + pfSense_interface_destroy($a_laggs[$_GET['id']]['laggif']); unset($a_laggs[$_GET['id']]); write_config(); diff --git a/src/usr/local/www/interfaces_qinq.php b/src/usr/local/www/interfaces_qinq.php index 63fa1b4..1997c19 100644 --- a/src/usr/local/www/interfaces_qinq.php +++ b/src/usr/local/www/interfaces_qinq.php 
@@ -67,7 +67,7 @@ if ($_GET['act'] == "del") { } mwexec("/usr/sbin/ngctl shutdown {$qinq['vlanif']}qinq:"); mwexec("/usr/sbin/ngctl shutdown {$qinq['vlanif']}:"); - mwexec("/sbin/ifconfig {$qinq['vlanif']} destroy"); + pfSense_interface_destroy($qinq['vlanif']); unset($a_qinqs[$id]); write_config(); diff --git a/src/usr/local/www/interfaces_wireless.php b/src/usr/local/www/interfaces_wireless.php index dafe49d..304eca2 100644 --- a/src/usr/local/www/interfaces_wireless.php +++ b/src/usr/local/www/interfaces_wireless.php @@ -57,7 +57,7 @@ if ($_GET['act'] == "del") { if (clone_inuse($_GET['id'])) { $input_errors[] = gettext("This wireless clone cannot be deleted because it is assigned as an interface."); } else { - mwexec("/sbin/ifconfig " . $a_clones[$_GET['id']]['cloneif'] . " destroy"); + pfSense_interface_destroy($a_clones[$_GET['id']]['cloneif']); unset($a_clones[$_GET['id']]); write_config(); diff --git a/src/usr/local/www/interfaces_wireless_edit.php b/src/usr/local/www/interfaces_wireless_edit.php index 419f9c6..d30b5c4 100644 --- a/src/usr/local/www/interfaces_wireless_edit.php +++ b/src/usr/local/www/interfaces_wireless_edit.php @@ -125,7 +125,7 @@ if ($_POST) { } else { if (isset($id) && $a_clones[$id]) { if ($clone['if'] != $a_clones[$id]['if']) { - mwexec("/sbin/ifconfig " . $a_clones[$id]['cloneif'] . " destroy"); + pfSense_interface_destroy($a_clones[$id]['cloneif']); } $input_errors[] = sprintf(gettext("Created with id %s"), $id); $a_clones[$id] = $clone; -- cgit v1.1 From a0052ea3a5fe74246795d90bcacadd025801134a Mon Sep 17 00:00:00 2001 From: stilez Date: Wed, 4 Jan 2017 20:55:35 +0000 Subject: left label as comment above --- src/usr/local/www/system_advanced_network.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 9028b04..72e0321 100644 --- a/src/usr/local/www/system_advanced_network.php 
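Review bot: The two `ngctl shutdown` calls left as context in the interfaces_qinq.php hunk still interpolate `$qinq['vlanif']` directly into a shell command line, while the `ifconfig` call next to them now goes through pfSense_interface_destroy(). Where `$qinq` is populated is outside the hunk; if it can ever hold anything other than a plain interface name, that text reaches the shell unquoted. Quote the argument so the remaining calls match the intent of this commit: `mwexec("/usr/sbin/ngctl shutdown " . escapeshellarg("{$qinq['vlanif']}qinq:"));`, and likewise for the second call.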
+++ b/src/usr/local/www/system_advanced_network.php @@ -159,7 +159,7 @@ $section->addInput(new Form_Checkbox( 'blocks traffic.'); -$group = new Form_Group('IPv6 over IPv4 Tunneling'); +$group = new Form_Group('IPv6 over IPv4'); $group->add(new Form_Checkbox( 'ipv6nat_enable', 'IPv6 over IPv4 Tunneling', -- cgit v1.1 From 54c90c3527b0a7c596a616cbf6fc58fd6663646a Mon Sep 17 00:00:00 2001 From: Steve Beaver Date: Wed, 4 Jan 2017 15:36:37 -0500 Subject: Minor help text change --- src/usr/local/www/vpn_openvpn_server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index e9d397a..06c32da 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -912,7 +912,7 @@ if ($act=="new" || $act=="edit"): true ))->setReadonly() ->setAttribute('size', '10') - ->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list'); + ->setHelp('Algorithm list.
Click an algorithm name to remove it from the list'); $group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' . '
' . sprint_info_box( -- cgit v1.1 From b191e31e964f424cae96b39023718aaca7e345e6 Mon Sep 17 00:00:00 2001 From: Steve Beaver Date: Wed, 4 Jan 2017 15:55:05 -0500 Subject: No longer add "null" to the selector when clicking a blank area --- src/usr/local/www/vpn_openvpn_client.php | 4 +++- src/usr/local/www/vpn_openvpn_server.php | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index fba3d43..4c87611 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -1062,7 +1062,9 @@ events.push(function() { // On click, remove the cipher from the list $('[id="ncp-ciphers[]"]').click(function () { - updateCiphers($(this).val()); + if ($(this).val() != null) { + updateCiphers($(this).val()); + } }); // Make sure hte "Availlable ciphers" selector is not submitted with the form, diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 06c32da..34e4bb0 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -1779,7 +1779,9 @@ events.push(function() { // On click, remove the cipher from the list $('[id="ncp-ciphers[]"]').click(function () { - updateCiphers($(this).val()); + if ($(this).val() != null) { + updateCiphers($(this).val()); + } }); // Make sure hte "Availlable ciphers" selector is not submitted with the form, -- cgit v1.1 From d37d7c3a8a6d626ff1d9cf95854ff3384c1dc771 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 4 Jan 2017 19:04:36 -0200 Subject: Fix conditional to work as expected when $id == 0 --- src/usr/local/www/vpn_openvpn_server.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 34e4bb0..52672f8 100644 
--- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -476,8 +476,13 @@ if ($_POST) { $server = array(); - if ($id && $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) { - openvpn_delete('server', $a_server[$id]);// delete(rename) old interface so a new TUN or TAP interface can be created. + if (isset($id) && $a_server[$id] && + $pconfig['dev_mode'] <> $a_server[$id]['dev_mode']) { + /* + * delete old interface so a new TUN or TAP interface + * can be created. + */ + openvpn_delete('server', $a_server[$id]); } if ($vpnid) { -- cgit v1.1 From 16fbe9b7ee1abfb8b9504a8d1e90dcd7592f9fe2 Mon Sep 17 00:00:00 2001 From: stilez Date: Wed, 4 Jan 2017 21:11:24 +0000 Subject: change as commented and remove redundant help text --- src/usr/local/www/system_advanced_network.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_advanced_network.php b/src/usr/local/www/system_advanced_network.php index 72e0321..19f16d9 100644 --- a/src/usr/local/www/system_advanced_network.php +++ b/src/usr/local/www/system_advanced_network.php @@ -160,6 +160,7 @@ $section->addInput(new Form_Checkbox( $group = new Form_Group('IPv6 over IPv4'); + $group->add(new Form_Checkbox( 'ipv6nat_enable', 'IPv6 over IPv4 Tunneling', @@ -169,10 +170,10 @@ $group->add(new Form_Checkbox( $group->add(new Form_Input( 'ipv6nat_ipaddr', - 'Tunnel Peer\'s IP Address', + 'IPv4 address of Tunnel Peer', 'text', $pconfig['ipv6nat_ipaddr'] -))->setHelp('The IPv4 address of the tunneling peer'); +)); $group->setHelp('These options create an RFC 2893 compatible mechanism for IPv4 NAT encapsulation of IPv6 packets, ' . 'that can be used to tunnel IPv6 packets over IPv4 routing infrastructures. A firewall rule to pass IPv6 packets ' . -- cgit v1.1 From 21504a52fb0f5ad02dd374b171fdafb1cd68c709 Mon Sep 17 00:00:00 2001 
From: Renato Botelho Date: Wed, 4 Jan 2017 19:14:15 -0200 Subject: As done on OpenVPN Server, delete tunnel when dev_mode changes so new device is created accordingly --- src/usr/local/www/vpn_openvpn_client.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 4c87611..d3666bb 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -349,6 +349,15 @@ if ($_POST) { $client = array(); + if (isset($id) && $a_client[$id] && + $pconfig['dev_mode'] <> $a_client[$id]['dev_mode']) { + /* + * delete old interface so a new TUN or TAP interface + * can be created. + */ + openvpn_delete('client', $a_client[$id]); + } + foreach ($simplefields as $stat) { if (($stat == 'auth_pass') && ($_POST[$stat] == DMYPWD)) { $client[$stat] = $a_client[$id]['auth_pass']; -- cgit v1.1 From a1650bb758b68eb909e7efb5094ac455c7f03475 Mon Sep 17 00:00:00 2001 From: Renato Botelho Date: Wed, 4 Jan 2017 19:14:57 -0200 Subject: Fix a probably copy/paste error --- src/usr/local/www/vpn_openvpn_client.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index d3666bb..3ce2c95 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -149,7 +149,7 @@ if ($_GET['act'] == "edit") { if ($a_client[$id]['tls']) { $pconfig['tlsauth_enable'] = "yes"; $pconfig['tls'] = base64_decode($a_client[$id]['tls']); - $pconfig['tls_type'] = $a_server[$id]['tls_type']; + $pconfig['tls_type'] = $a_client[$id]['tls_type']; } } else { $pconfig['shared_key'] = base64_decode($a_client[$id]['shared_key']); 
@@ -881,7 +881,7 @@ if ($act=="new" || $act=="edit"): $act )); - if (isset($id) && $a_server[$id]) { + if (isset($id) && $a_client[$id]) { $section->addInput(new Form_Input( 'id', null, -- cgit v1.1 From b6dd335e6b81c89f2e4dd63cbd638853ebe2a275 Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 20:51:25 -0500 Subject: Fix up OpenVPN CSC page help text, add IPv6 tunnel network. Fixes #7053 --- src/usr/local/www/vpn_openvpn_csc.php | 57 +++++++++++++++++++++++------------ 1 file changed, 37 insertions(+), 20 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_csc.php b/src/usr/local/www/vpn_openvpn_csc.php index 16ba076..65932c2 100644 --- a/src/usr/local/www/vpn_openvpn_csc.php +++ b/src/usr/local/www/vpn_openvpn_csc.php @@ -74,6 +74,7 @@ if ($_GET['act'] == "edit") { $pconfig['description'] = $a_csc[$id]['description']; $pconfig['tunnel_network'] = $a_csc[$id]['tunnel_network']; + $pconfig['tunnel_networkv6'] = $a_csc[$id]['tunnel_networkv6']; $pconfig['local_network'] = $a_csc[$id]['local_network']; $pconfig['local_networkv6'] = $a_csc[$id]['local_networkv6']; $pconfig['remote_network'] = $a_csc[$id]['remote_network']; @@ -132,7 +133,10 @@ if ($_POST) { $pconfig = $_POST; /* input validation */ - if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'Tunnel network')) { + if ($result = openvpn_validate_cidr($pconfig['tunnel_network'], 'IPv4 Tunnel Network')) { + $input_errors[] = $result; + } + if ($result = openvpn_validate_cidr($pconfig['tunnel_networkv6'], 'IPv6 Tunnel Network', false, "ipv6")) { $input_errors[] = $result; } @@ -219,6 +223,7 @@ if ($_POST) { $csc['block'] = $pconfig['block']; $csc['description'] = $pconfig['description']; $csc['tunnel_network'] = $pconfig['tunnel_network']; + $csc['tunnel_networkv6'] = $pconfig['tunnel_networkv6']; $csc['local_network'] = $pconfig['local_network']; $csc['local_networkv6'] = $pconfig['local_networkv6']; $csc['remote_network'] = $pconfig['remote_network']; 
@@ -320,7 +325,7 @@ if ($act == "new" || $act == "edit"): $pconfig['server_list'], $serveroptionlist, true - ))->setHelp('Select the servers for which the override will apply. Selecting no servers will also apply the override to all servers.'); + ))->setHelp('Select the servers that will utilize this override. When no servers are selected, the override will apply to all servers.'); $section->addInput(new Form_Checkbox( @@ -332,24 +337,24 @@ if ($act == "new" || $act == "edit"): $section->addInput(new Form_Input( 'common_name', - 'Common name', + 'Common Name', 'text', $pconfig['common_name'] - ))->setHelp('Enter the client\'s X.509 common name.'); + ))->setHelp('Enter the X.509 common name for the client certificate, or the username for VPNs utilizing password authentication. This match is case sensitive.'); $section->addInput(new Form_Input( 'description', 'Description', 'text', $pconfig['description'] - ))->setHelp('A description may be entered here for administrative reference (not parsed). '); + ))->setHelp('A description for administrative reference (not parsed).'); $section->addInput(new Form_Checkbox( 'block', 'Connection blocking', - 'Block this client connection based on its common name. ', + 'Block this client connection based on its common name.', $pconfig['block'] - ))->setHelp('Don\'t use this option to permanently disable a client due to a compromised key or password. Use a CRL (certificate revocation list) instead. '); + ))->setHelp('Prevents the client from connecting to this server. Do not use this option to permanently disable a client due to a compromised key or password. Use a CRL (certificate revocation list) instead.'); $form->add($section); 
@@ -357,45 +362,57 @@ if ($act == "new" || $act == "edit"): $section->addInput(new Form_Input( 'tunnel_network', - 'Tunnel Network', + 'IPv4 Tunnel Network', 'text', $pconfig['tunnel_network'] - ))->setHelp('This is the virtual network used for private communications between this client and the server expressed using CIDR (e.g. 10.0.8.0/24). ' . - 'The first network address is assumed to be the server address and the second network address will be assigned to the client virtual interface. '); + ))->setHelp('The virtual IPv4 network used for private communications between this client and the server expressed using CIDR (e.g. 10.0.8.5/24). ' . + '
' . + 'With subnet topology, enter the client IP address and the subnet mask must match the IPv4 Tunnel Network on the server. ' . + '
' . + 'With net30 topology, the first network address of the /30 is assumed to be the server address and the second network address will be assigned to the client.'); + + $section->addInput(new Form_Input( + 'tunnel_networkv6', + 'IPv6 Tunnel Network', + 'text', + $pconfig['tunnel_networkv6'] + ))->setHelp('The virtual IPv6 network used for private communications between this client and the server expressed using prefix (e.g. 2001:db9:1:1::100/64). ' . + '
' . + 'Enter the client IPv6 address and prefix. The prefix must match the IPv6 Tunnel Network prefix on the server. '); $section->addInput(new Form_Input( 'local_network', 'IPv4 Local Network/s', 'text', $pconfig['local_network'] - ))->setHelp('These are the IPv4 networks that will be accessible from this particular client. Expressed as a comma-separated list of one or more CIDR ranges. ' . '
' . - 'NOTE: Networks do not need to be specified here if they have already been defined on the main server configuration.'); + ))->setHelp('These are the IPv4 server-side networks that will be accessible from this particular client. Expressed as a comma-separated list of one or more CIDR networks. ' . '
' . + 'NOTE: Networks do not need to be specified here if they have already been defined on the main server configuration.'); $section->addInput(new Form_Input( 'local_networkv6', 'IPv6 Local Network/s', 'text', $pconfig['local_networkv6'] - ))->setHelp('These are the IPv4 networks that will be accessible from this particular client. Expressed as a comma-separated list of one or more IP/PREFIX networks.' . '
' . - 'NOTE: Networks do not need to be specified here if they have already been defined on the main server configuration.'); + ))->setHelp('These are the IPv6 server-side networks that will be accessible from this particular client. Expressed as a comma-separated list of one or more IP/PREFIX networks.' . '
' . + 'NOTE: Networks do not need to be specified here if they have already been defined on the main server configuration.'); $section->addInput(new Form_Input( 'remote_network', 'IPv4 Remote Network/s', 'text', $pconfig['remote_network'] - ))->setHelp('These are the IPv4 networks that will be routed to this client specifically using iroute, so that a site-to-site VPN can be established. ' . - 'Expressed as a comma-separated list of one or more CIDR ranges. May be left blank if there are no client-side networks to be routed.' . '
' . - 'NOTE: Remember to add these subnets to the IPv4 Remote Networks list on the corresponding OpenVPN server settings.'); + ))->setHelp('These are the IPv4 client-side networks that will be routed to this client specifically using iroute, so that a site-to-site VPN can be established. ' . + 'Expressed as a comma-separated list of one or more CIDR ranges. May be left blank if there are no client-side networks to be routed.' . '
' . + 'NOTE: Remember to add these subnets to the IPv4 Remote Networks list on the corresponding OpenVPN server settings.'); $section->addInput(new Form_Input( 'remote_networkv6', 'IPv6 Remote Network/s', 'text', $pconfig['remote_networkv6'] - ))->setHelp('These are the IPv6 networks that will be routed to this client specifically using iroute, so that a site-to-site VPN can be established. ' . - 'Expressed as a comma-separated list of one or more IP/PREFIX networks. May be left blank if there are no client-side networks to be routed.' . '
' . - 'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.'); + ))->setHelp('These are the IPv6 client-side networks that will be routed to this client specifically using iroute, so that a site-to-site VPN can be established. ' . + 'Expressed as a comma-separated list of one or more IP/PREFIX networks. May be left blank if there are no client-side networks to be routed.' . '
' . + 'NOTE: Remember to add these subnets to the IPv6 Remote Networks list on the corresponding OpenVPN server settings.'); $section->addInput(new Form_Checkbox( 'gwredir', -- cgit v1.1 From 20fb094c759c9520c29c9d52e1a03086645bb9c5 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Thu, 5 Jan 2017 08:37:11 +0545 Subject: vpn_openvpn_server comment typo --- src/usr/local/www/vpn_openvpn_server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index 52672f8..cbb33ba 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -1789,7 +1789,7 @@ events.push(function() { } }); - // Make sure hte "Availlable ciphers" selector is not submitted with the form, + // Make sure the "Available ciphers" selector is not submitted with the form, // and select all of the chosen ciphers so that they are submitted $('form').submit(function() { $("#availciphers" ).prop( "disabled", true); -- cgit v1.1 From 531c348639adb8b7e7d190e8fdab709fea61f61a Mon Sep 17 00:00:00 2001 From: jim-p Date: Wed, 4 Jan 2017 22:01:16 -0500 Subject: Correct the method used for input validation of NTP Orphan mode. Fixes #7034 --- src/usr/local/www/services_ntpd.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/services_ntpd.php b/src/usr/local/www/services_ntpd.php index 2adcfe0..808d432 100644 --- a/src/usr/local/www/services_ntpd.php +++ b/src/usr/local/www/services_ntpd.php 
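Review bot: The example in the new IPv6 Tunnel Network help text, `2001:db9:1:1::100/64`, is outside the documentation prefix 2001:db8::/32 reserved by RFC 3849. It is therefore ordinary global address space that an administrator may copy verbatim into a configuration. Change the example to `2001:db8:1:1::100/64`. The surrounding `if ($act == "new" || $act == "edit"):` block starts and ends outside the hunk.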
@@ -53,6 +53,10 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; + if ((strlen($pconfig['ntporphan']) > 0) && (!is_numericint($pconfig['ntporphan']) || ($pconfig['ntporphan'] < 1) || ($pconfig['ntporphan'] > 15))) { + $input_errors[] = gettext("The supplied value for NTP Orphan Mode is invalid."); + } + if (!$input_errors) { if (is_array($_POST['interface'])) { $config['ntpd']['interface'] = implode(",", $_POST['interface']); @@ -91,11 +95,7 @@ if ($_POST) { } $config['system']['timeservers'] = trim($timeservers); - if (!empty($_POST['ntporphan']) && ($_POST['ntporphan'] < 17) && ($_POST['ntporphan'] != '12')) { - $config['ntpd']['orphan'] = $_POST['ntporphan']; - } elseif (isset($config['ntpd']['orphan'])) { - unset($config['ntpd']['orphan']); - } + $config['ntpd']['orphan'] = trim($pconfig['ntporphan']); if (!empty($_POST['logpeer'])) { $config['ntpd']['logpeer'] = $_POST['logpeer']; -- cgit v1.1 From 383bbc177d6c1beb719c8ad8ba2a05c25c3f71c3 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Thu, 5 Jan 2017 08:48:33 +0545 Subject: vpn_openvpn_client comment typo Same stuff was copied here --- src/usr/local/www/vpn_openvpn_client.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_client.php b/src/usr/local/www/vpn_openvpn_client.php index 3ce2c95..e3bc9f1 100644 --- a/src/usr/local/www/vpn_openvpn_client.php +++ b/src/usr/local/www/vpn_openvpn_client.php @@ -1076,7 +1076,7 @@ events.push(function() { } }); - // Make sure hte "Availlable ciphers" selector is not submitted with the form, + // Make sure the "Available ciphers" selector is not submitted with the form, // and select all of the chosen ciphers so that they are submitted $('form').submit(function() { $("#availciphers" ).prop( "disabled", true); -- cgit v1.1 From cd45956e512dd5efc122974bb87ca2bcd05010ca Mon Sep 17 00:00:00 2001 
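Review bot: An empty NTP Orphan Mode field skips the new range check because of `strlen($pconfig['ntporphan']) > 0`, and the second hunk then stores `$config['ntpd']['orphan'] = ''` where the removed code unset the key. The reader of `orphan` is not visible here; if it tests with `isset()` it would now act on an empty value. Keep the unset branch for the empty case: `if (strlen(trim($pconfig['ntporphan'])) > 0) { $config['ntpd']['orphan'] = trim($pconfig['ntporphan']); } elseif (isset($config['ntpd']['orphan'])) { unset($config['ntpd']['orphan']); }`. The check also runs on the raw value while `trim()` is applied only when storing, so trimming before validation would make the two agree.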
From: jim-p Date: Wed, 4 Jan 2017 22:08:54 -0500 Subject: Fix label for consistency. --- src/usr/local/www/vpn_openvpn_server.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/vpn_openvpn_server.php b/src/usr/local/www/vpn_openvpn_server.php index cbb33ba..efd3b26 100644 --- a/src/usr/local/www/vpn_openvpn_server.php +++ b/src/usr/local/www/vpn_openvpn_server.php @@ -917,7 +917,7 @@ if ($act=="new" || $act=="edit"): true ))->setReadonly() ->setAttribute('size', '10') - ->setHelp('Algorithm list.
Click an algorithm name to remove it from the list'); + ->setHelp('Allowed NCP Encryption Algorithms. Click an algorithm name to remove it from the list'); $group->setHelp( 'The order of the selected NCP Encryption Algorithms is respected by OpenVPN.' . '
' . sprint_info_box( -- cgit v1.1 From 0c5d4e8d3e4dc81a9c7eb883a40296493e9faa2b Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Thu, 5 Jan 2017 13:42:22 +0545 Subject: Correctly report unmonitored gateway status If an alternate monitor IP has been entered and saved, then the user checks "Disable Gateway Monitoring" and saves, the alternate monitor IP is retained in the config - that is handy for when unchecking "Disable Gateway Monitoring" later on. But the Gateways widget and Status Gateways do not correctly understand this combination. The gateway status shows as "Online" when it is intended to show "Online (unmonitored)". This PR corrects this. --- src/usr/local/www/status_gateways.php | 10 ++++++++-- src/usr/local/www/widgets/widgets/gateways.widget.php | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/status_gateways.php b/src/usr/local/www/status_gateways.php index d633fab..5b5125c 100644 --- a/src/usr/local/www/status_gateways.php +++ b/src/usr/local/www/status_gateways.php @@ -140,11 +140,17 @@ display_top_tabs($tab_array); $online = gettext("Warning, Latency") . ': ' . $status['delay']; $bgcolor = "bg-warning"; } elseif ($status['status'] == "none") { - $online = gettext("Online"); + if ($status['monitor_disable'] || ($status['monitorip'] == "none")) { + $online = gettext("Online (unmonitored)"); + } else { + $online = gettext("Online"); + } $bgcolor = "bg-success"; } } else if (isset($gateway['monitor_disable'])) { - $online = gettext("Online"); + // Note: return_gateways_status() always returns an array entry for all gateways, + // so this "else if" never happens. + $online = gettext("Online (unmonitored)"); $bgcolor = "bg-success"; } else { $online = gettext("Pending"); diff --git a/src/usr/local/www/widgets/widgets/gateways.widget.php b/src/usr/local/www/widgets/widgets/gateways.widget.php index 34f4d2e..c7c92bd 100644 --- a/src/usr/local/www/widgets/widgets/gateways.widget.php 
+++ b/src/usr/local/www/widgets/widgets/gateways.widget.php @@ -233,7 +233,7 @@ function compose_table_body_contents() { $online = gettext("Latency"); $bgcolor = "warning"; // khaki } elseif ($gateways_status[$gname]['status'] == "none") { - if ($gateways_status[$gname]['monitorip'] == "none") { + if ($gateways_status[$gname]['monitor_disable'] || ($gateways_status[$gname]['monitorip'] == "none")) { $online = gettext("Online
(unmonitored)"); } else { $online = gettext("Online"); -- cgit v1.1 From ea02e3cf5d54c9f1ebbe09d9fa5522c5c9916876 Mon Sep 17 00:00:00 2001 From: Steve Beaver Date: Thu, 5 Jan 2017 09:10:54 -0500 Subject: Completes fix for #6972 --- src/usr/local/www/js/pfSenseHelpers.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/js/pfSenseHelpers.js b/src/usr/local/www/js/pfSenseHelpers.js index e879f15..2eac30a 100644 --- a/src/usr/local/www/js/pfSenseHelpers.js +++ b/src/usr/local/www/js/pfSenseHelpers.js @@ -353,9 +353,9 @@ function add_row() { $('[id^=delete]').click(function(event) { if ($('.repeatable').length > 1) { if ((typeof retainhelp) == "undefined") - moveHelpText(event.target.id); + moveHelpText($(this).attr("id")); - delete_row(event.target.id); + delete_row($(this).attr("id")); } else { alert('The last row may not be deleted.'); } -- cgit v1.1 From 1d3fbcc7dfef379e20543897596d3843ccba7485 Mon Sep 17 00:00:00 2001 From: scherma Date: Thu, 5 Jan 2017 17:21:24 +0000 Subject: Remove redundancy, more indentation cleanup --- src/usr/local/www/system_usermanager_settings.php | 34 +++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php index cfc7ae7..4418f4f 100644 --- a/src/usr/local/www/system_usermanager_settings.php +++ b/src/usr/local/www/system_usermanager_settings.php 
@@ -92,17 +92,17 @@ if ($_REQUEST['ajax']) { } } -$pconfig['session_timeout'] = &$config['system']['webgui']['session_timeout']; +$pconfig['session_timeout'] = $config['system']['webgui']['session_timeout']; if (isset($config['system']['webgui']['authmode'])) { - $pconfig['authmode'] = &$config['system']['webgui']['authmode']; + $pconfig['authmode'] = $config['system']['webgui']['authmode']; } else { $pconfig['authmode'] = "Local Database"; } -$pconfig['backend'] = &$config['system']['webgui']['backend']; +$pconfig['backend'] = $config['system']['webgui']['backend']; -$pconfig['auth_refresh_time'] = &$config['system']['webgui']['auth_refresh_time']; +$pconfig['auth_refresh_time'] = $config['system']['webgui']['auth_refresh_time']; // Page title for main admin $pgtitle = array(gettext("System"), gettext("User Manager"), gettext("Settings")); @@ -119,10 +119,10 @@ if ($_POST) { $input_errors[] = gettext("Session timeout must be an integer value."); } } - + if (isset($_POST['auth_refresh_time'])) { $timeout = intval($_POST['auth_refresh_time']); - if ($timeout != "" && (!is_numeric($timeout) || $timeout < 0 || $timeout > 3600 )) { + if (!is_numeric($timeout) || $timeout < 0 || $timeout > 3600 ) { $input_errors[] = gettext("Authentication refresh time must be an integer between 0 and 3600 (inclusive)."); } } @@ -155,11 +155,11 @@ if ($_POST) { unset($config['system']['webgui']['authmode']); } - if (isset($_POST['auth_refresh_time']) && $_POST['auth_refresh_time'] != "") { - $config['system']['webgui']['auth_refresh_time'] = intval($_POST['auth_refresh_time']); - } else { - unset($config['system']['webgui']['auth_refresh_time']); - } + if (isset($_POST['auth_refresh_time']) && $_POST['auth_refresh_time'] != "") { + $config['system']['webgui']['auth_refresh_time'] = intval($_POST['auth_refresh_time']); + } else { + unset($config['system']['webgui']['auth_refresh_time']); + } write_config(); 
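Review bot: In the `@@ -119,10 +119,10 @@` hunk the check runs on `intval($_POST['auth_refresh_time'])`, so `!is_numeric($timeout)` can never be true: input such as `abc` becomes 0 and `12abc` becomes 12, and both are accepted. This value sets how long authentication results are cached, so the raw string should be validated before it is converted, for example `$raw = $_POST['auth_refresh_time'];` followed by `if ($raw != "" && (!ctype_digit((string)$raw) || $raw > 3600)) {`. The empty string has to stay valid, because the save path in the `@@ -155,11 +155,11 @@` hunk treats it as "unset the option". The enclosing `if ($_POST)` block begins and ends outside these hunks.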
@@ -215,13 +215,13 @@ $section->addInput(new Form_Select( )); $section->addInput(new Form_Input( - 'auth_refresh_time', - 'Auth Refresh Time', - 'number', - $pconfig['auth_refresh_time'], - ['min' => 0, 'max' => 3600] + 'auth_refresh_time', + 'Auth Refresh Time', + 'number', + $pconfig['auth_refresh_time'], + ['min' => 0, 'max' => 3600] ))->setHelp('Time in seconds to cache authentication results. The default is 30 seconds, maximum 3600 (one hour). '. - 'Shorter times result in more frequent queries to authentication servers.'); + 'Shorter times result in more frequent queries to authentication servers.'); $form->addGlobal(new Form_Button( 'savetest', -- cgit v1.1 From 0436b9a5197ac8c4646a006c0e351ecf66059193 Mon Sep 17 00:00:00 2001 From: Phil Davis Date: Fri, 6 Jan 2017 13:05:58 +0545 Subject: Redmine #7089 Add extra help about timezone We could also add some text like this to encourage users to choose the "Continent/City" time zones. --- src/usr/local/www/system.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/system.php b/src/usr/local/www/system.php index 980e773..e1668b3 100644 --- a/src/usr/local/www/system.php +++ b/src/usr/local/www/system.php @@ -456,7 +456,8 @@ $section->addInput(new Form_Select( 'Timezone', $pconfig['timezone'], array_combine($timezonelist, $timezonelist) -))->setHelp('Select the timezone or location within the timezone to be used by this system.'); +))->setHelp('Select the timezone or location within the timezone to be used by this system. '. + 'Usually choose a "Continent/City". Only choose a special or "Etc" entry if you understand why you need to use it.'); $section->addInput(new Form_Input( 'timeservers', -- cgit v1.1 From d2b1c52f4cd0343fb5f0d136490041f9ededcea3 Mon Sep 17 00:00:00 2001 
From: Phil Davis Date: Fri, 6 Jan 2017 16:12:21 +0545 Subject: Allow hiding of gateways in Gateways Widget Sometimes there are gateways that I do not care about, so it is handy to be able to save some space on the dashboard by hiding them. This uses similar code structure taken from service_status widget. I made the Save and Clear buttons and all that stuff use the same styles also. I guess that the way it was all done in the Services widget is the more "modern" way. --- .../local/www/widgets/widgets/gateways.widget.php | 140 ++++++++++++++------- 1 file changed, 96 insertions(+), 44 deletions(-) (limited to 'src/usr/local') diff --git a/src/usr/local/www/widgets/widgets/gateways.widget.php b/src/usr/local/www/widgets/widgets/gateways.widget.php index c7c92bd..3916ffa 100644 --- a/src/usr/local/www/widgets/widgets/gateways.widget.php +++ b/src/usr/local/www/widgets/widgets/gateways.widget.php @@ -41,9 +41,24 @@ if ($_POST) { if (!is_array($user_settings["widgets"]["gateways_widget"])) { $user_settings["widgets"]["gateways_widget"] = array(); } + if (isset($_POST["display_type"])) { $user_settings["widgets"]["gateways_widget"]["display_type"] = $_POST["display_type"]; } + + if (is_array($_POST['gatewaysfilter'])) { + $validNames = array(); + $a_gateways = return_gateways_array(); + + foreach ($a_gateways as $gname => $gateway) { + array_push($validNames, $gname); + } + + $user_settings["widgets"]["gateways_widget"]["gatewaysfilter"] = implode(',', array_intersect($validNames, $_POST['gatewaysfilter'])); + } else { + $user_settings["widgets"]["gateways_widget"]["gatewaysfilter"] = ""; + } + save_widget_settings($_SESSION['Username'], $user_settings["widgets"], gettext("Updated gateways widget settings via dashboard.")); header("Location: /"); exit(0); @@ -71,55 +86,68 @@ $widgetperiod = isset($config['widgets']['period']) ? $config['widgets']['period
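Review bot: In the `@@ -41,9 +41,24 @@` hunk `display_type` is still copied from `$_POST` into the saved widget settings unchanged, directly above the new `gatewaysfilter` handling, which correctly reduces its input to names returned by return_gateways_array(). The same allowlist treatment fits here: store the value only when it matches one of the options the widget's selector offers (that list is outside this hunk), since how the saved value is later rendered is not visible. On the added code itself, the `foreach`/`array_push` loop can be written as `$validNames = array_keys($a_gateways);`. The `if ($_POST)` block starts before the hunk.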
- - -