advanced bind options, extended username/password characters+escaping, change deprecated options to current equivalents, changed nbproc default to 1, for better (default settings) compatibility with other options.

4 files changed, 67 insertions, 25 deletions

diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc
index a8fc1497..f949bf98 100644
--- a/config/haproxy-devel/haproxy.inc
+++ b/config/haproxy-devel/haproxy.inc
@@ -360,11 +360,11 @@ function write_backend($fd, $name, $pool, $frontend) {
 
 	if(!$pool['connection_timeout'])
 		$pool['connection_timeout'] = 30000;
-	fwrite ($fd, "\tcontimeout\t\t" . $pool['connection_timeout'] . "\n");
+	fwrite ($fd, "\ttimeout connect\t\t" . $pool['connection_timeout'] . "\n");
 
 	if(!$pool['server_timeout'])
 		$pool['server_timeout'] = 30000;
-	fwrite ($fd, "\tsrvtimeout\t\t" . $pool['server_timeout'] . "\n");
+	fwrite ($fd, "\ttimeout server\t\t" . $pool['server_timeout'] . "\n");
 
 	if(!$pool['retries'])
 		$pool['retries'] = 3;
@@ -375,10 +375,13 @@ function write_backend($fd, $name, $pool, $frontend) {
 		if($pool['stats_uri'])
 			fwrite ($fd, "\tstats\t\t\turi ".$pool['stats_uri']."\n");
 		if($pool['stats_realm'])
-			fwrite ($fd, "\tstats\t\t\trealm " . $pool['stats_realm'] . "\n");
+			fwrite ($fd, "\tstats\t\t\trealm " . haproxy_escapestring($pool['stats_realm']) . "\n");
 		else 
 			fwrite ($fd, "\tstats\t\t\trealm .\n");
-		fwrite ($fd, "\tstats\t\t\tauth " . $pool['stats_username'].":". $pool['stats_password']."\n");
+		fwrite ($fd, "\tstats\t\t\tauth " . haproxy_escapestring($pool['stats_username']).":". haproxy_escapestring($pool['stats_password'])."\n");
+		
+		if($pool['stats_admin']=='yes')
+			fwrite ($fd, "\tstats\t\t\tadmin if TRUE" . "\n");
 		
 		if($pool['stats_node_enabled']=='yes')
 			fwrite ($fd, "\tstats\t\t\tshow-node " . $pool['stats_node'] . "\n");
@@ -477,8 +480,6 @@ function haproxy_writeconf() {
 
 	if(is_array($a_global)) {
 		fwrite ($fd, "global\n");
-		if($a_global['advanced'])
-			fwrite ($fd, "\t" . base64_decode($a_global['advanced']) . "\n");
 		fwrite ($fd, "\tmaxconn\t\t\t".$a_global['maxconn']."\n");
 		if($a_global['remotesyslog'])
 			fwrite ($fd, "\tlog\t\t\t{$a_global['remotesyslog']}\t{$a_global['logfacility']}\t{$a_global['loglevel']}\n");
@@ -488,10 +489,18 @@ function haproxy_writeconf() {
 		if($a_global['nbproc'])
 			$numprocs = $a_global['nbproc'];
 		else 
-			$numprocs = trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`);			
+			$numprocs ="1";
 		fwrite ($fd, "\tnbproc\t\t\t$numprocs\n");
 		fwrite ($fd, "\tchroot\t\t\t/var/empty\n");
 		fwrite ($fd, "\tdaemon\n");
+		
+		// Keep the advanced options on the bottom of the global settings, to allow additional sections to be easely added
+		if($a_global['advanced']) {
+			$adv = explode("\n", base64_decode($a_global['advanced']));
+			foreach($adv as $adv_line) {
+				fwrite($fd, "\t" . $adv_line . "\n");
+			}
+		}
 		fwrite ($fd, "\n");
 	}
 
@@ -548,6 +557,7 @@ function haproxy_writeconf() {
 				$b['client_timeout'] = $backend['client_timeout'];
 				$b['advanced'] = $backend['advanced'];
 				$b['ssloffload'] = $backend['ssloffload'];
+				$b['advanced_bind'] = $backend['advanced_bind'];
 			}
 			
 			if ($ssl_crt != "") {
@@ -577,6 +587,7 @@ function haproxy_writeconf() {
 			$portss = "{$bind['port']},";
 			$ports = split(",", $portss);
 			$ssl_info = $bind['ssl_info'];
+			$advanced_bind = $bind['advanced_bind'];
 			// Initialize variable
 			$listenip = "";
 			
@@ -584,11 +595,11 @@ function haproxy_writeconf() {
 			foreach($ports as $port) {
 				if($port) {
 					if($bind['extaddr'] == "any") 
-						$listenip .=  "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info}\n";
+						$listenip .=  "\tbind\t\t\t0.0.0.0:{$port} {$ssl_info} {$advanced_bind}\n";
 					elseif($bind['extaddr']) 
-						$listenip .=  "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info}\n";	
+						$listenip .=  "\tbind\t\t\t{$bind['extaddr']}:{$port} {$ssl_info} {$advanced_bind}\n";	
 					else 
-						$listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info}\n";
+						$listenip .= "\tbind\t\t\t" . get_current_wan_address('wan') . ":{$port} {$ssl_info} {$advanced_bind}\n";
 				}
 			}
 			
@@ -632,7 +643,7 @@ function haproxy_writeconf() {
 			if(!$bind['client_timeout'])
 				$bind['client_timeout'] = 30000;
 			
-			fwrite ($fd, "\tclitimeout\t\t" . $bind['client_timeout'] . "\n");
+			fwrite ($fd, "\ttimeout client\t\t" . $bind['client_timeout'] . "\n");
 
 	
 			// Combine the rest of the listener configs
@@ -1026,9 +1037,14 @@ function phparray_to_javascriptarray_recursive($nestID, $path, $items, $nodeName
 		}
 }
 
-function phparray_to_javascriptarray($items, $javaMapName, $includeitems)
-{
+function phparray_to_javascriptarray($items, $javaMapName, $includeitems) {
 		phparray_to_javascriptarray_recursive(1,'',$items, $javaMapName, $includeitems);
 }
 
+function haproxy_escapestring($configurationsting) {
+	$result = str_replace('\\', '\\\\', $configurationsting);
+	$result = str_replace(' ', '\\ ', $result);
+	return str_replace('#', '\\#', $result);
+}
+
 ?>
diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php
index 8e2949fd..c906cda0 100755
--- a/config/haproxy-devel/haproxy_global.php
+++ b/config/haproxy-devel/haproxy_global.php
@@ -227,7 +227,9 @@ function enable_change(enable_change) {
 				<td class="vtable">
 					<input name="nbproc" type="text" class="formfld" id="nbproc" size="18" value="<?=htmlspecialchars($pconfig['nbproc']);?>">
 					<br/>
-					Defaults to number of cores/processors installed if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> detected).
+					Defaults to 1 if left blank (<?php echo trim(`/sbin/sysctl kern.smp.cpus | cut -d" " -f2`); ?> CPU core(s) detected).<br/>
+					Note : Consider leaving this value empty or 1  because in multi-process mode (nbproc > 1) memory is not shared between the processes, which could result in random behaviours for several options like ACL's, sticky connections and some others.<br/>
+					For more information about the <b>"nbproc"</b> option please see <b><a href='http://haproxy.1wt.eu/download/1.5/doc/configuration.txt' target='_new'>HAProxy Documentation</a> </b>
 				</td>
 			</tr>
 			<tr>
@@ -235,7 +237,8 @@ function enable_change(enable_change) {
 					Remote syslog host
 				</td>
 				<td class="vtable">
-					<input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>">
+					<input name="remotesyslog" type="text" class="formfld" id="remotesyslog" size="18" value="<?=htmlspecialchars($pconfig['remotesyslog']);?>"><br/>
+					To log to the local pfSense systemlog fill the host with the value <b>/var/run/log</b>, however if a lot of messages are generated logging is likely to be incomplete. (Also currently no informational logging gets shown in the systemlog.)
 				</td>
 			</tr>
 			<tr>
diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php
index afd424c7..2e943e96 100644
--- a/config/haproxy-devel/haproxy_listeners_edit.php
+++ b/config/haproxy-devel/haproxy_listeners_edit.php
@@ -144,7 +144,7 @@ $a_pools = &$config['installedpackages']['haproxy']['ha_pools']['item'];
 
 global $simplefields;
 $simplefields = array('name','desc','status','secondary','primary_frontend','type','forwardfor','httpclose','extaddr','backend_serverpool',
-	'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl');
+	'max_connections','client_timeout','port','ssloffloadcert','dcertadv','ssloffload','ssloffloadacl','advanced_bind');
 
 if (isset($_POST['id']))
 	$id = $_POST['id'];
@@ -708,9 +708,17 @@ include("head.inc");
 			</td>
 		</tr>
 		<tr align="left">
+			<td width="22%" valign="top" class="vncell">Bind pass thru</td>
+			<td width="78%" class="vtable" colspan="2">
+				<input name="advanced_bind" type="text" <?if(isset($pconfig['advanced_bind'])) echo "value=\"".htmlspecialchars($pconfig['advanced_bind'])."\"";?> size="64">
+				<br/>
+				NOTE: paste text into this box that you would like to pass behind the bind option.
+			</td>
+		</tr>
+		<tr align="left">
 			<td width="22%" valign="top" class="vncell">Advanced pass thru</td>
 			<td width="78%" class="vtable" colspan="2">
-				<textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo $pconfig['advanced']; ?></textarea>
+				<textarea name='advanced' rows="4" cols="70" id='advanced'><?php echo htmlspecialchars($pconfig['advanced']); ?></textarea>
 				<br/>
 				NOTE: paste text into this box that you would like to pass thru.
 			</td>
@@ -752,7 +760,7 @@ include("head.inc");
 				<input id="ssloffloadacl" name="ssloffloadacl" type="checkbox" value="yes" <?php if ($pconfig['ssloffloadacl']=='yes') echo "checked";?> onclick="updatevisibility();">Add ACL for certificate CommonName.</input>
 			</td>
 		</tr>
-		<tr class="haproxy_ssloffloading_enabled" align="left">
+		<tr class="haproxy_ssloffloading_enabled haproxy_primary" align="left">
 			<td width="22%" valign="top" class="vncell">Advanced ssl options</td>
 			<td width="78%" class="vtable" colspan="2">
 				<input type='text' name='dcertadv' size="64" id='dcertadv' <?if(isset($pconfig['dcertadv'])) echo "value=\"{$pconfig['dcertadv']}\"";?> size="10" maxlength="64">
diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php
index 446c8e35..3ed0b799 100644
--- a/config/haproxy-devel/haproxy_pool_edit.php
+++ b/config/haproxy-devel/haproxy_pool_edit.php
@@ -48,7 +48,7 @@ if (isset($_GET['dup']))
 	$id = $_GET['dup'];
 
 global $simplefields;
-$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_node_enabled","stats_node","stats_desc","stats_refresh");
+$simplefields = array("retries","balance","connection_timeout","server_timeout", "stats_enabled","stats_username","stats_password","stats_uri","stats_realm","stats_admin","stats_node_enabled","stats_node","stats_desc","stats_refresh");
 
 if (isset($id) && $a_pools[$id]) {
 	$pconfig['name'] = $a_pools[$id]['name'];
@@ -97,10 +97,12 @@ if ($_POST) {
 	if ($_POST['retries'] !== "" && !is_numeric($_POST['retries']))
 		$input_errors[] = "The field 'Retries' value is not a number.";
 
-	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_username']))
+	// the colon ":" is invalid in the username, other than that pretty much any character can be used.
+	if (preg_match("/[^a-zA-Z0-9!-\/;-~ ]/", $_POST['stats_username']))
 		$input_errors[] = "The field 'Stats Username' contains invalid characters.";
 
-	if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['stats_password']))
+	// the colon ":" can also be used in the password
+	if (preg_match("/[^a-zA-Z0-9!-~ ]/", $_POST['stats_password']))
 		$input_errors[] = "The field 'Stats Password' contains invalid characters.";
 
 	/* Ensure that our pool names are unique */
@@ -256,7 +258,7 @@ row_helper();
 	rowsize[0] = "30";
 	rowname[1] = "server_address";
 	rowtype[1] = "textbox";
-	rowsize[1] = "30";
+	rowsize[1] = "20";
 	rowname[2] = "server_port";
 	rowtype[2] = "textbox";
 	rowsize[2] = "5";
@@ -269,6 +271,9 @@ row_helper();
 	rowname[5] = "server_status";
 	rowtype[5] = "select";
 	rowsize[5] = "1";
+	rowname[6] = "server_name";
+	rowtype[6] = "textbox";
+	rowsize[6] = "20";
 </script>
 <?php include("fbegin.inc"); ?>
 <?php if ($input_errors) print_input_errors($input_errors); ?>
@@ -543,14 +548,24 @@ set by the 'retries' parameter.</div>
 		<tr class="haproxy_stats_visible" align="left" id='stats_username_row' name='stats_username_row'>
 			<td width="22%" valign="top" class="vncellreq">Stats Username</td>
 			<td width="78%" class="vtable" colspan="2">
-				<input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"{$pconfig['stats_username']}\"";?> size="64">
+				<input id="stats_username" name="stats_username" type="text" <?if(isset($pconfig['stats_username'])) echo "value=\"".htmlspecialchars($pconfig['stats_username'])."\"";?> size="64">
 			</td>
 		</tr>
 		
 		<tr class="haproxy_stats_visible" align="left" id='stats_password_row' name='stats_password_row'>
 			<td width="22%" valign="top" class="vncellreq">Stats Password</td>
 			<td width="78%" class="vtable" colspan="2">
-				<input id="stats_password" name="stats_password" type="password" <?if(isset($pconfig['stats_password'])) echo "value=\"{$pconfig['stats_password']}\"";?> size="64">
+				<input id="stats_password" name="stats_password" type="password" <?
+					if(isset($pconfig['stats_password'])) 
+						echo "value=\"".htmlspecialchars($pconfig['stats_password'])."\"";
+					?> size="64">
+				<br/>
+			</td>
+		</tr>
+		<tr class="haproxy_stats_visible" align="left" id='stats_node_admin_row' name='stats_node_enabled_row'>
+			<td width="22%" valign="top" class="vncell">Stats Admin</td>
+			<td width="78%" class="vtable" colspan="2">
+				<input id="stats_admin" name="stats_admin" type="checkbox" value="yes" <?php if ($pconfig['stats_admin']=='yes') echo "checked"; ?>>
 				<br/>
 			</td>
 		</tr>
@@ -600,7 +615,7 @@ set by the 'retries' parameter.</div>
 <br>
 <?php include("fend.inc"); ?>
 <script type="text/javascript">
-	field_counter_js = 6;
+	field_counter_js = 7;
 	rows = 1;
 	totalrows =  <?php echo $counter; ?>;
 	loaded =  <?php echo $counter; ?>;