.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgment:
* "This product includes software developed by the pfSense Project
* for use in the pfSense® software distribution. (http://www.pfsense.org/).
*
* 4. The names "pfSense" and "pfSense Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* coreteam@pfsense.org.
*
* 5. Products derived from this software may not be called "pfSense"
* nor may "pfSense" appear in their names without prior written
* permission of the Electric Sheep Fencing, LLC.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
*
* "This product includes software developed by the pfSense Project
* for use in the pfSense software distribution (http://www.pfsense.org/).
*
* THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
*/
##|+PRIV
##|*IDENT=page-system-advanced-admin
##|*NAME=System: Advanced: Admin Access Page
##|*DESCR=Allow access to the 'System: Advanced: Admin Access' page.
##|*MATCH=system_advanced_admin.php*
##|-PRIV
require_once("guiconfig.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("shaper.inc");
/*
 * Seed $pconfig (the values the form shows) from the running configuration.
 * Presence-only options are read with isset(); everything else is copied as
 * stored.
 */
$cfg_system = $config['system'];
$cfg_webgui = $config['system']['webgui'];

$pconfig['webguiproto'] = $cfg_webgui['protocol'];
$pconfig['webguiport'] = $cfg_webgui['port'];
// Fall back to 2 when max_procs is unset or empty.
if ($cfg_webgui['max_procs']) {
	$pconfig['max_procs'] = $cfg_webgui['max_procs'];
} else {
	$pconfig['max_procs'] = 2;
}
$pconfig['ssl-certref'] = $cfg_webgui['ssl-certref'];
$pconfig['disablehttpredirect'] = isset($cfg_webgui['disablehttpredirect']);
$pconfig['disableconsolemenu'] = isset($cfg_system['disableconsolemenu']);

// webGUI flags whose form field name matches the config key.
foreach (array('noantilockout', 'nodnsrebindcheck', 'nohttpreferercheck', 'pagenamefirst', 'loginautocomplete') as $flag_name) {
	$pconfig[$flag_name] = isset($cfg_webgui[$flag_name]);
}

$pconfig['althostnames'] = $cfg_webgui['althostnames'];

// Console and sshd settings stored directly under 'system'.
foreach (array('enableserial', 'serialspeed', 'primaryconsole', 'enablesshd') as $setting_name) {
	$pconfig[$setting_name] = $cfg_system[$setting_name];
}

$pconfig['sshport'] = $cfg_system['ssh']['port'];
$pconfig['sshdkeyonly'] = isset($cfg_system['ssh']['sshdkeyonly']);
$pconfig['quietlogin'] = isset($cfg_webgui['quietlogin']);

// The helpers above are scratch values only; do not leave them in scope.
unset($cfg_system, $cfg_webgui, $flag_name, $setting_name);

// $a_cert aliases the certificate list; it is normalised to an empty array
// when no certificate is configured.
$a_cert =& $config['cert'];
$certs_available = (is_array($a_cert) && count($a_cert) > 0);
if (!$certs_available) {
	$a_cert = array();
}

// Show plain HTTP unless a protocol is configured and a certificate exists.
if (!($pconfig['webguiproto'] && $certs_available)) {
	$pconfig['webguiproto'] = "http";
}
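/*
 * Form submission: validate the posted values, copy them into $config, write
 * the configuration and reconfigure the services that depend on it.
 *
 * On validation failure $input_errors is populated and $config is not
 * modified. On success $savemsg is set, and $restart_webgui / $restart_sshd
 * record whether a setting affecting those listeners changed.
 */
if ($_POST) {
	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	// The protocol is written to the configuration and used as the scheme of
	// the redirect URL below, so only the two known schemes are accepted.
	if ($_POST['webguiproto'] && !in_array($_POST['webguiproto'], array("http", "https"), true)) {
		$input_errors[] = gettext("A valid webConfigurator protocol must be specified");
	}
	if ($_POST['webguiport']) {
		if (!is_port($_POST['webguiport'])) {
			$input_errors[] = gettext("A valid webConfigurator port number must be specified");
		}
	}
	if ($_POST['max_procs']) {
		// Accepted range is 1-500; the message only mentions the lower bound.
		if (!is_numericint($_POST['max_procs']) || ($_POST['max_procs'] < 1) || ($_POST['max_procs'] > 500)) {
			$input_errors[] = gettext("Max Processes must be a number 1 or greater");
		}
	}
	if ($_POST['althostnames']) {
		// Space-separated list; every entry must be an IP address or hostname.
		$althosts = explode(" ", $_POST['althostnames']);
		foreach ($althosts as $ah) {
			if (!is_ipaddr($ah) && !is_hostname($ah)) {
				$input_errors[] = sprintf(gettext("Alternate hostname %s is not a valid hostname."), htmlspecialchars($ah));
			}
		}
	}
	if ($_POST['sshport']) {
		if (!is_port($_POST['sshport'])) {
			$input_errors[] = gettext("A valid port number must be specified");
		}
	}
	// NOTE(review): ssl-certref and primaryconsole are stored as posted; no
	// check against the known certificates or console names is visible here.
	// Confirm that the code consuming them validates the values.

	ob_flush();
	flush();

	if (!$input_errors) {
		// Applied only after validation has passed, so a rejected submission
		// no longer alters the in-memory sshd key-only setting.
		if ($_POST['sshdkeyonly'] == "yes") {
			$config['system']['ssh']['sshdkeyonly'] = "enabled";
		} else if (isset($config['system']['ssh']['sshdkeyonly'])) {
			unset($config['system']['ssh']['sshdkeyonly']);
		}

		// Each call must run (no short-circuiting): update_if_changed() is
		// also what copies the posted value into $config.
		if (update_if_changed("webgui protocol", $config['system']['webgui']['protocol'], $_POST['webguiproto'])) {
			$restart_webgui = true;
		}
		if (update_if_changed("webgui port", $config['system']['webgui']['port'], $_POST['webguiport'])) {
			$restart_webgui = true;
		}
		if (update_if_changed("webgui certificate", $config['system']['webgui']['ssl-certref'], $_POST['ssl-certref'])) {
			$restart_webgui = true;
		}
		if (update_if_changed("webgui max processes", $config['system']['webgui']['max_procs'], $_POST['max_procs'])) {
			$restart_webgui = true;
		}

		// Restart the webgui only if this actually changed. The flag is
		// presence-only (it is read with isset() when the form is populated),
		// so the change test uses isset() as well instead of comparing the
		// stored value with true.
		if ($_POST['webgui-redirect'] == "yes") {
			if (!isset($config['system']['webgui']['disablehttpredirect'])) {
				$restart_webgui = true;
			}
			$config['system']['webgui']['disablehttpredirect'] = true;
		} else {
			if (isset($config['system']['webgui']['disablehttpredirect'])) {
				$restart_webgui = true;
			}
			unset($config['system']['webgui']['disablehttpredirect']);
		}

		// Checkbox options under system/webgui: form field => config key.
		// Stored as true when the box is ticked, removed otherwise.
		// NOTE(review): judging by their names, noantilockout,
		// nodnsrebindcheck and nohttpreferercheck switch GUI protections off;
		// changes to them are worth recording in an audit trail.
		$webgui_flags = array(
			'webgui-login-messages' => 'quietlogin',
			'noantilockout' => 'noantilockout',
			'nodnsrebindcheck' => 'nodnsrebindcheck',
			'nohttpreferercheck' => 'nohttpreferercheck',
			'pagenamefirst' => 'pagenamefirst',
			'loginautocomplete' => 'loginautocomplete',
		);
		foreach ($webgui_flags as $flag_field => $flag_key) {
			if (isset($_POST[$flag_field]) && $_POST[$flag_field] === "yes") {
				$config['system']['webgui'][$flag_key] = true;
			} else {
				unset($config['system']['webgui'][$flag_key]);
			}
		}
		unset($webgui_flags, $flag_field, $flag_key);

		if ($_POST['althostnames']) {
			$config['system']['webgui']['althostnames'] = $_POST['althostnames'];
		} else {
			unset($config['system']['webgui']['althostnames']);
		}

		// Console settings.
		if ($_POST['disableconsolemenu'] == "yes") {
			$config['system']['disableconsolemenu'] = true;
		} else {
			unset($config['system']['disableconsolemenu']);
		}
		if ($_POST['enableserial'] == "yes" || $g['enableserial_force']) {
			$config['system']['enableserial'] = true;
		} else {
			unset($config['system']['enableserial']);
		}
		if (is_numericint($_POST['serialspeed'])) {
			$config['system']['serialspeed'] = $_POST['serialspeed'];
		} else {
			unset($config['system']['serialspeed']);
		}
		if ($_POST['primaryconsole']) {
			$config['system']['primaryconsole'] = $_POST['primaryconsole'];
		} else {
			unset($config['system']['primaryconsole']);
		}

		// sshd settings: remember the previous state so a restart is flagged
		// only when something changed.
		$sshd_enabled = $config['system']['enablesshd'];
		if ($_POST['enablesshd']) {
			$config['system']['enablesshd'] = "enabled";
		} else {
			unset($config['system']['enablesshd']);
		}
		// NOTE(review): this key sits directly under 'system', while the form
		// is populated from system/ssh/sshdkeyonly; here it only feeds the
		// change detection below. Confirm nothing else depends on it.
		$sshd_keyonly = isset($config['system']['sshdkeyonly']);
		if ($_POST['sshdkeyonly']) {
			$config['system']['sshdkeyonly'] = true;
		} else {
			unset($config['system']['sshdkeyonly']);
		}
		$sshd_port = $config['system']['ssh']['port'];
		if ($_POST['sshport']) {
			$config['system']['ssh']['port'] = $_POST['sshport'];
		} else if (isset($config['system']['ssh']['port'])) {
			unset($config['system']['ssh']['port']);
		}
		if (($sshd_enabled != $config['system']['enablesshd']) ||
		    ($sshd_keyonly != $config['system']['sshdkeyonly']) ||
		    ($sshd_port != $config['system']['ssh']['port'])) {
			$restart_sshd = true;
		}

		if ($restart_webgui) {
			// HTTP_HOST comes from the request's Host header, so $host and
			// $url are client-supplied data and must be escaped for whatever
			// context they are emitted into.
			$http_host_port = explode("]", $_SERVER['HTTP_HOST']);
			/* IPv6 address check */
			if (strstr($_SERVER['HTTP_HOST'], "]")) {
				// Bracketed literal: drop whatever follows the last "]" (the
				// port, if any) and re-wrap the address in brackets. explode()
				// always yields at least two parts when "]" is present.
				array_pop($http_host_port);
				$host = str_replace(array("[", "]"), "", implode(":", $http_host_port));
				$host = "[{$host}]";
			} else {
				list($host) = explode(":", $_SERVER['HTTP_HOST']);
			}
			$prot = $config['system']['webgui']['protocol'];
			$port = $config['system']['webgui']['port'];
			if ($port) {
				$url = "{$prot}://{$host}:{$port}/system_advanced_admin.php";
			} else {
				$url = "{$prot}://{$host}/system_advanced_admin.php";
			}
		}

		write_config();

		$retval = filter_configure();
		$savemsg = get_std_save_message($retval);

		if ($restart_webgui) {
			// The URL is escaped because it contains the Host header value
			// and the message is handed to print_info_box() for display.
			$savemsg .= sprintf("\n" . gettext("One moment...redirecting to %s in 20 seconds."), htmlspecialchars($url));
		}

		conf_mount_rw();
		setup_serial_port();
		// Restart DNS in case dns rebinding toggled
		if (isset($config['dnsmasq']['enable'])) {
			services_dnsmasq_configure();
		} elseif (isset($config['unbound']['enable'])) {
			services_unbound_configure();
		}
		conf_mount_ro();
	}
}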
/*
 * Page header: title, shared head include, validation/save feedback and the
 * tab bar of the System > Advanced pages.
 */
$pgtitle = array(
	gettext("System"),
	gettext("Advanced"),
	gettext("Admin Access"),
);
include("head.inc");

// Validation errors collected while handling the submission, if any.
if ($input_errors) {
	print_input_errors($input_errors);
}

// NOTE(review): $savemsg may embed the redirect URL; print_info_box() is
// defined elsewhere, so confirm whether it escapes its argument.
if ($savemsg) {
	print_info_box($savemsg, 'success');
}

// One entry per tab: label, whether it is the active tab, target page.
$tab_array = array(
	array(gettext("Admin Access"), true, "system_advanced_admin.php"),
	array(htmlspecialchars(gettext("Firewall & NAT")), false, "system_advanced_firewall.php"),
	array(gettext("Networking"), false, "system_advanced_network.php"),
	array(gettext("Miscellaneous"), false, "system_advanced_misc.php"),
	array(gettext("System Tunables"), false, "system_advanced_sysctl.php"),
	array(gettext("Notifications"), false, "system_advanced_notifications.php"),
);
display_top_tabs($tab_array);
?>