author | PiBa-NL <pba_2k3@yahoo.com> | 2013-03-27 01:08:40 +0100 |
---|---|---|
committer | PiBa-NL <pba_2k3@yahoo.com> | 2013-03-27 01:08:40 +0100 |
commit | 16e49a1c9ceddcb81dd5b8800c1627394bb3311e (patch) | |
tree | 9b0a99fe47c37cfa9baf1b76d5b83518e2830824 | |
parent | 826b152e5d25978f8b9306f90450197ce4f4827b (diff) | |
advanced bind options, extended username/password characters+escaping, change deprecated options to current equivalents, changed nbproc default to 1, for better (default settings) compatibility with other options.
-rw-r--r-- | config/haproxy-devel/haproxy.inc | 42 | ||||
-rwxr-xr-x | config/haproxy-devel/haproxy_global.php | 7 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_listeners_edit.php | 14 | ||||
-rw-r--r-- | config/haproxy-devel/haproxy_pool_edit.php | 29 |
4 files changed, 67 insertions, 25 deletions
diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index a8fc1497..f949bf98 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -360,11 +360,11 @@ function write_backend($fd, $name, $pool, $frontend) { if(!$pool['connection_timeout']) $pool['connection_timeout'] = 30000; - fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n"); + fwrite ($fd, "\ttimeout connect\t\t" . $pool['connection_timeout'] . "\n"); if(!$pool['server_timeout']) $pool['server_timeout'] = 30000; - fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n"); + fwrite ($fd, "\ttimeout server\t\t" . $pool['server_timeout'] . "\n"); if(!$pool['retries']) $pool['retries'] = 3; @@ -375,10 +375,13 @@ function write_backend($fd, $name, $pool, $frontend) { if($pool['stats_uri']) fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n"); if($pool['stats_realm']) - fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n"); + fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n"); else fwrite ($fd, "\tstats\t\t\trealm .\n"); - fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n"); + fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n"); + + if($pool['stats_admin']=='yes') + fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n"); if($pool['stats_node_enabled']=='yes') fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n"); @@ -477,8 +480,6 @@ function haproxy_writeconf() { if(is_array($a_global)) { fwrite ($fd, "global\n"); - if($a_global['advanced']) - fwrite ($fd, "\t" . base64_decode($a_global['advanced']) . "\n"); fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n"); if($a_global['remotesyslog']) fwrite ($fd, "\tlog\t\t\t{$a_global['remotesyslog']}\t{$a_global['logfacility']}\t{$a_global['loglevel']}\n"); 
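Review bot: `stats_uri` and `stats_node` in write_backend (hunk at -375) are still concatenated into the config unescaped, although the realm, username and password on the neighbouring lines now go through haproxy_escapestring(). A space or `#` in either value would split or truncate the directive just as it did for the realm, so both writes should be brought in line, e.g. `fwrite ($fd, "\tstats\t\t\turi ".haproxy_escapestring($pool['stats_uri'])."\n");`. The new `stats admin if TRUE` line gives every account that passes `stats auth` the admin actions of the stats page, which deserves a one-line comment above it. write_backend starts and ends outside this hunk.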
@@ -488,10 +489,18 @@ function haproxy_writeconf() { if($a_global['nbproc']) $numprocs = $a_global['nbproc']; else - $numprocs = trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); + $numprocs ="1"; fwrite ($fd, "\tnbproc\t\t\t$numprocs\n"); fwrite ($fd, "\tchroot\t\t\t/var/empty\n"); fwrite ($fd, "\tdaemon\n"); + + // Keep the advanced options on the bottom of the global settings, to allow additional sections to be easely added + if($a_global['advanced']) { + $adv = explode("\n", base64_decode($a_global['advanced'])); + foreach($adv as $adv_line) { + fwrite($fd, "\t" . $adv_line . "\n"); + } + } fwrite ($fd, "\n"); } @@ -548,6 +557,7 @@ function haproxy_writeconf() { $b['client_timeout'] = $backend['client_timeout']; $b['advanced'] = $backend['advanced']; $b['ssloffload'] = $backend['ssloffload']; + $b['advanced_bind'] = $backend['advanced_bind']; } if ($ssl_crt != "") { @@ -577,6 +587,7 @@ function haproxy_writeconf() { $portss = "{$bind['port']},"; $ports = split(",", $portss); $ssl_info = $bind['ssl_info']; + $advanced_bind = $bind['advanced_bind']; // Initialize variable $listenip = ""; @@ -584,11 +595,11 @@ function haproxy_writeconf() { foreach($ports as $port) { if($port) { if($bind['extaddr'] == "any") - $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info}\n"; + $listenip .= "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info} {$advanced_bind}\n"; elseif($bind['extaddr']) - $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info}\n"; + $listenip .= "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info} {$advanced_bind}\n"; else - $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info}\n"; + $listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info} {$advanced_bind}\n"; } } 
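Review bot: The comment above the relocated advanced block (hunk at -488) should state that the decoded text is written verbatim and can end the `global` section, since that is now its purpose. Wording such as `// Written last and unfiltered: a line that opens a new section ends "global", so this field can add any HAProxy configuration` tells a maintainer that whoever may edit this field controls the whole file. If the value comes from a browser textarea, `explode("\n", …)` also leaves a `\r` at the end of each line; `rtrim($adv_line, "\r")` inside the loop keeps the file clean. haproxy_writeconf continues outside the hunk.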
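Review bot: `$advanced_bind` is interpolated into all three `bind` lines without any check (hunks at -577 and -584), so a value containing a line break produces extra configuration lines instead of bind arguments. The form field is a single-line text input, but a POST can still carry CR/LF, and no validation for it is visible in this commit. Normalising at the assignment is enough: `$advanced_bind = str_replace(array("\r", "\n"), ' ', $bind['advanced_bind']);`. When `$ssl_info` and `$advanced_bind` are both empty the lines now end in two trailing spaces, which is harmless but easy to avoid with `rtrim()`.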
@@ -632,7 +643,7 @@ function haproxy_writeconf() { if(!$bind['client_timeout']) $bind['client_timeout'] = 30000; - fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n"); + fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n"); // Combine the rest of the listener configs @@ -1026,9 +1037,14 @@ function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName } } -function phparray_to_javascriptarray($items, $javaMapName, $includeitems) -{ +function phparray_to_javascriptarray($items, $javaMapName, $includeitems) { phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems); } +function haproxy_escapestring($configurationsting) { + $result = str_replace('\\', '\\\\', $configurationsting); + $result = str_replace(' ', '\\ ', $result); + return str_replace('#', '\\#', $result); +} + ?> diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 8e2949fd..c906cda0 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php @@ -227,7 +227,9 @@ function enable_change(enable_change) { <td class="vtable"> <input name="nbproc" type="text" class="formfld" id="nbproc" size="18" value="<?=htmlspecialchars($pconfig['nbproc']);?>"> <br/> - Defaults to number of cores/processors installed if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> detected). + Defaults to 1 if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> CPU core(s) detected).<br/> + Note : Consider leaving this value empty or 1 because in multi-process mode (nbproc > 1) memory is not shared between the processes, which could result in random behaviours for several options like ACL's, sticky connections and some others.<br/> + For more information about the <b>"nbproc"</b> option please see <b><a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> </b> </td> </tr> <tr> 
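Review bot: haproxy_escapestring() (hunk at -1026) escapes backslash, space and `#` but passes tab, CR and LF through, so a control character in a value such as `stats_realm` still splits the argument or ends the line; no validation for that field is visible in this commit. Dropping control characters first closes the gap, `$result = preg_replace('/[\x00-\x1F\x7F]/', '', $configurationsting);`, with the three str_replace calls then applied to `$result`. The function should also get a short docblock naming the three escapes and why the backslash must be handled first, and the parameter name is misspelled (`$configurationsting`).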
@@ -235,7 +237,8 @@ function enable_change(enable_change) { Remote syslog host </td> <td class="vtable"> - <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>"> + <input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>"><br/> + To log to the local pfSense systemlog fill the host with the value <b>/var/run/log</b>, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.) </td> </tr> <tr> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index afd424c7..2e943e96 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php @@ -144,7 +144,7 @@ $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item']; global $simplefields; $simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool', - 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl'); + 'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','advanced_bind'); if (isset($_POST['id'])) $id = $_POST['id']; 
@@ -708,9 +708,17 @@ include("head.inc"); </td> </tr> <tr align="left"> + <td width="22%" valign="top" class="vncell">Bind pass thru</td> + <td width="78%" class="vtable" colspan="2"> + <input name="advanced_bind" type="text" <?if(isset($pconfig['advanced_bind'])) echo "value=\"".htmlspecialchars($pconfig['advanced_bind'])."\"";?> size="64"> + <br/> + NOTE: paste text into this box that you would like to pass behind the bind option. + </td> + </tr> + <tr align="left"> <td width="22%" valign="top" class="vncell">Advanced pass thru</td> <td width="78%" class="vtable" colspan="2"> - <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea> + <textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea> <br/> NOTE: paste text into this box that you would like to pass thru. </td> @@ -752,7 +760,7 @@ include("head.inc"); <input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();">Add ACL for certificate CommonName.</input> </td> </tr> - <tr class="haproxy_ssloffloading_enabled" align="left"> + <tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left"> <td width="22%" valign="top" class="vncell">Advanced ssl options</td> <td width="78%" class="vtable" colspan="2"> <input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64"> diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index 446c8e35..3ed0b799 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php 
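Review bot: The `dcertadv` input in the hunk at -752 still echoes `{$pconfig['dcertadv']}` straight into a double-quoted `value` attribute, while this commit adds htmlspecialchars() to `advanced` and `advanced_bind` just above it. A stored value containing `"` or `<` ends the attribute when the edit page is rendered, so it should get the same treatment: `echo "value=\"".htmlspecialchars($pconfig['dcertadv'])."\"";`. That line is unchanged context in this hunk, so the fix would be an addition to the commit.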
@@ -48,7 +48,7 @@ if (isset($_GET['dup'])) $id = $_GET['dup']; global $simplefields; -$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_node_enabled","stats_node","stats_desc","stats_refresh"); +$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_admin","stats_node_enabled","stats_node","stats_desc","stats_refresh"); if (isset($id) && $a_pools[$id]) { $pconfig['name'] = $a_pools[$id]['name']; @@ -97,10 +97,12 @@ if ($_POST) { if ($_POST['retries'] !== "" && !is_numeric($_POST['retries'])) $input_errors[] = "The field 'Retries' value is not a number."; - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username'])) + // the colon ":" is invalid in the username, other than that pretty much any character can be used. + if (preg_match("/[^a-zA-Z0-9!-\/;-~ ]/", $_POST['stats_username'])) $input_errors[] = "The field 'Stats Username' contains invalid characters."; - if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password'])) + // the colon ":" can also be used in the password + if (preg_match("/[^a-zA-Z0-9!-~ ]/", $_POST['stats_password'])) $input_errors[] = "The field 'Stats Password' contains invalid characters."; /* Ensure that our pool names are unique */ @@ -256,7 +258,7 @@ row_helper(); rowsize[0] = "30"; rowname[1] = "server_address"; rowtype[1] = "textbox"; - rowsize[1] = "30"; + rowsize[1] = "20"; rowname[2] = "server_port"; rowtype[2] = "textbox"; rowsize[2] = "5"; @@ -269,6 +271,9 @@ row_helper(); rowname[5] = "server_status"; rowtype[5] = "select"; rowsize[5] = "1"; + rowname[6] = "server_name"; + rowtype[6] = "textbox"; + rowsize[6] = "20"; </script> <?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> 
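Review bot: The two new character classes (hunk at -97) are hard to audit: `!-\/;-~` is a pair of ranges whose only purpose is to skip `:`, and for the password `a-zA-Z0-9` is already contained in `!-~`. Writing the ranges as code points makes the intent checkable, `"/[^\x20-\x39\x3B-\x7E]/"` for the username (printable ASCII without the colon) and `"/[^\x20-\x7E]/"` for the password, and the comments can then say exactly that. Both classes allow space, `#` and backslash, so they depend on haproxy_escapestring() being applied when the config is written. No equivalent check for `stats_realm` is visible in this hunk although it goes through the same escaping.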
@@ -543,14 +548,24 @@ set by the 'retries' parameter.</div> <tr class="haproxy_stats_visible" align="left" id='stats_username_row' name='stats_username_row'> <td width="22%" valign="top" class="vncellreq">Stats Username</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64"> + <input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"".htmlspecialchars($pconfig['stats_username'])."\"";?> size="64"> </td> </tr> <tr class="haproxy_stats_visible" align="left" id='stats_password_row' name='stats_password_row'> <td width="22%" valign="top" class="vncellreq">Stats Password</td> <td width="78%" class="vtable" colspan="2"> - <input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64"> + <input id="stats_password" name="stats_password" type="password" <? + if(isset($pconfig['stats_password'])) + echo "value=\"".htmlspecialchars($pconfig['stats_password'])."\""; + ?> size="64"> + <br/> + </td> + </tr> + <tr class="haproxy_stats_visible" align="left" id='stats_node_admin_row' name='stats_node_enabled_row'> + <td width="22%" valign="top" class="vncell">Stats Admin</td> + <td width="78%" class="vtable" colspan="2"> + <input id="stats_admin" name="stats_admin" type="checkbox" value="yes" <?php if ($pconfig['stats_admin']=='yes') echo "checked"; ?>> <br/> </td> </tr> @@ -600,7 +615,7 @@ set by the 'retries' parameter.</div> <br> <?php include("fend.inc"); ?> <script type="text/javascript"> - field_counter_js = 6; + field_counter_js = 7; rows = 1; totalrows = <?php echo $counter; ?>; loaded = <?php echo $counter; ?>; |
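Review bot: The stored stats password is written back into the `value` attribute of the password input (hunk at -543), so the clear-text secret is sent to the browser and sits in the page source every time the pool is edited. The escaping added here fixes the markup, but the safer pattern is to render the field empty and keep the saved password when the form posts an empty value; that needs a matching change in the POST handler outside this hunk. The new Stats Admin row also carries `id='stats_node_admin_row' name='stats_node_enabled_row'`, which looks like a copy-paste slip; `id='stats_admin_row' name='stats_admin_row'` would follow the pattern of the username and password rows.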