23 files changed, 271 insertions, 113 deletions
diff --git a/config/autoconfigbackup/parse_config_upload.php b/config/autoconfigbackup/parse_config_upload.php new file mode 100644 index 00000000..ce592966 --- /dev/null +++ b/config/autoconfigbackup/parse_config_upload.php @@ -0,0 +1,8 @@ +<?php + +if(file_exists("/usr/local/pkg/autoconfigbackup.inc")) { + require_once("/usr/local/pkg/autoconfigbackup.inc"); + upload_config(); +} + +?> diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml index ef229af1..46f1293b 100644 --- a/config/avahi/avahi.xml +++ b/config/avahi/avahi.xml @@ -84,12 +84,12 @@ <additional_files_needed> <prefix>/root/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/avahi/binaries/avahi.tar.gz</item> + <item>http://files.pfsense.org/packages/avahi/avahi.tar.gz</item> </additional_files_needed> <additional_files_needed> <prefix>/root/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.org/packages/config/avahi/binaries/avahi8.tar.gz</item> + <item>http://files.pfsense.org/packages/avahi/avahi8.tar.gz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> diff --git a/config/dansguardian/dansguardian.inc b/config/dansguardian/dansguardian.inc index b1c79a97..39282409 100755 --- a/config/dansguardian/dansguardian.inc +++ b/config/dansguardian/dansguardian.inc @@ -90,7 +90,7 @@ function check_ca_hashes(){ } } -function sync_package_dansguardian($via_rpc=false,$install_process=false) { +function sync_package_dansguardian($via_rpc="no",$install_process=false) { global $config,$g; # detect boot process 
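Review bot: The `<item>` URLs in the avahi.xml hunk still use plain `http://`, and the archives they name are placed under `/root/` with mode 0755, so anything able to tamper with the transfer decides what gets installed. The same applies to the other `additional_files_needed` and `depends_on_package_base_url` changes in this commit (dashboard, dnsblacklist, the lcdproc `.so` files, phpsysinfo, vnstat, vnstat2, pkg_config.7.xml) and to the `exec("fetch http://…")` calls in vhosts.inc. No checksum or signature check is visible in these hunks; if the installer does not perform one elsewhere, consider fetching over TLS, e.g. `<item>https://files.pfsense.org/packages/avahi/avahi.tar.gz</item>` (assuming the host serves it), or recording an expected digest for each file.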
@@ -101,7 +101,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { $boot_process="on"; } - if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc==false){ + if (is_process_running('dansguardian') && isset($boot_process) && $via_rpc=="no"){ log_error("[Dansguardian] - Detected boot process pr:".is_process_running('dansguardian')." bp:".isset($boot_process)." rpc:".$via_rpc); return; } @@ -723,6 +723,7 @@ function sync_package_dansguardian($via_rpc=false,$install_process=false) { 'urlacl'=> "Default", 'group_options' => "scancleancache,infectionbypasserrorsonly", 'reportinglevel'=>'3', + 'group_name_source'=>'name', 'mode'=> "1", 'report_level'=>"global"); @@ -979,7 +980,7 @@ EOF; $cron_found=0; if (is_array($config['cron']['item'])) foreach($config['cron']['item'] as $cron) - if (preg_match("@".DANSGUARDIAN_DIR."/(bin.freshclam|www/dansguardian)@",$cron["command"])) + if (preg_match("@(".DANSGUARDIAN_DIR."|/usr/local)/(bin.freshclam|www/dansguardian)@",$cron["command"])) $cron_found++; else $new_cron['item'][]=$cron; @@ -1062,6 +1063,7 @@ EOF; $cron_cmd="/usr/local/bin/php /usr/local/www/dansguardian_ldap.php"; if (is_array($config['installedpackages']['dansguardiangroups']['config'])) foreach ($config['installedpackages']['dansguardiangroups']['config'] as $dansguardian_groups){ + $dans_group_source=($dansguardian_groups['groupnamesource'] !="" ? $dansguardian_groups['groupnamesource'] : "name"); if(preg_match('/(\d+)m/',$dansguardian_groups['freq'],$matches)){ $new_cron['item'][]=array( "minute" => "*/".$matches[1], "hour" => "*", @@ -1069,7 +1071,7 @@ EOF; "month" => "*", "wday" => "*", "who" => "root", - "command"=> $cron_cmd." ".$dansguardian_groups['name']); + "command"=> "{$cron_cmd} $dans_group_source '{$dansguardian_groups[$dans_group_source]}'"); $config['cron']=$new_cron; $cron_found++; } 
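Review bot: The new cron `command` in the `@@ -1069` hunk wraps `$dansguardian_groups[$dans_group_source]` in literal single quotes without escaping, so a group name or description containing `'` ends the quoting and the remainder is parsed by the shell in a job whose `who` is `root`. The same line is repeated in the `@@ -1080` hunk. Build the argument with `escapeshellarg()` instead: `"command"=> "{$cron_cmd} {$dans_group_source} ".escapeshellarg($dansguardian_groups[$dans_group_source]));`. `$dans_group_source` itself comes from the saved `groupnamesource` value and is used both as an array key and as a bare shell word, so it is worth restricting to the two expected values, e.g. `in_array($dansguardian_groups['groupnamesource'], array('name','description'), true)`. The enclosing function starts and ends outside these hunks.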
@@ -1080,7 +1082,7 @@ EOF; "month" => "*", "wday" => "*", "who" => "root", - "command"=> $cron_cmd." ".$dansguardian_groups['name']); + "command"=> "{$cron_cmd} $dans_group_source '{$dansguardian_groups[$dans_group_source]}'"); $config['cron']=$new_cron; $cron_found++; } @@ -1205,7 +1207,7 @@ EOF; #avoid sync during boot process - if (!isset($boot_process)){ + if (!isset($boot_process) || $via_rpc=="yes"){ /* Uses XMLRPC to synchronize the changes to a remote node */ if (is_array($config['installedpackages']['dansguardiansync']['config'])){ $dans_sync=$config['installedpackages']['dansguardiansync']['config'][0]; @@ -1280,7 +1282,7 @@ function dansguardian_validate_input($post, &$input_errors) { } function dansguardian_php_install_command() { - sync_package_dansguardian(false,true); + sync_package_dansguardian("no",true); } function dansguardian_php_deinstall_command() { @@ -1385,7 +1387,7 @@ function dansguardian_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type, /* tell dansguardian to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/dansguardian.inc');\n"; - $execcmd .= "sync_package_dansguardian(true);"; + $execcmd .= "sync_package_dansguardian('yes');"; /* assemble xmlrpc payload */ $params = array( diff --git a/config/dansguardian/dansguardian_groups.xml b/config/dansguardian/dansguardian_groups.xml index fc9ff8a8..aaa9bcd6 100755 --- a/config/dansguardian/dansguardian_groups.xml +++ b/config/dansguardian/dansguardian_groups.xml 
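Review bot: With `|| $via_rpc=="yes"` added in the `@@ -1205` hunk, a node that was just told to reload over XMLRPC now starts its own outbound sync even when `$boot_process` is set, although the comment above still says `#avoid sync during boot process`. If two nodes list each other as sync targets this looks like it can bounce back and forth, each round sending another `pfsense.exec_php` call; that depends on sync code outside the hunk, so please confirm. The same condition is added in postfix.inc (before `postfix_sync_on_changes()`) and in squid.inc. Separately, the new string flag is compared with loose `==`, under which a boolean `true` from an older caller equals `"no"`; `$via_rpc==="no"` and `$via_rpc==="yes"` avoid that.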
@@ -386,10 +386,20 @@ <type>listtopic</type> </field> <field> + <fielddescr>LDAP group name source</fielddescr> + <fieldname>groupnamesource</fieldname> + <description><![CDATA[ This option determines where to look for LDAP group/OU name.]]></description> + <type>select</type> + <options> + <option><name>Dansguardian Group Name(default)</name><value>name</value></option> + <option><name>Dansguardian Group Description</name><value>description</value></option> + </options> + </field> + <field> <fielddescr>LDAP</fielddescr> <fieldname>ldap</fieldname> - <description><![CDATA[Select Active directory servers to extract users from<br> - The group must has the same name in dansguardian and on active directory<br> + <description><![CDATA[Select LDAP servers to extract users from<br> + The group must has the same name( or description) in dansguardian and on active directory<br> <strong>This is not aplicable for default group</strong>]]></description> <type>select_source</type> <size>05</size> 
@@ -399,6 +409,31 @@ <source_value>dc</source_value> </field> <field> + <fielddescr>LDAP user account status</fielddescr> + <fieldname>useraccountcontrol</fieldname> + <description><![CDATA[Import only users with these account status. Leave empty to do not check account status.]]></description> + <type>select</type> + <options> + <option><name>Normal (code 512)</name><value>512</value></option> + <option><name>Disabled Account (code 514)</name><value>514</value></option> + <option><name>Account is Disabled (code 2)</name><value>2</value></option> + <option><name>Account Locked Out (code 16)</name><value>16</value></option> + <option><name>Entered Bad Password (code 17)</name><value>17</value></option> + <option><name>No Password is Required(code 32)</name><value>32</value></option> + <option><name>Password CANNOT Change(code 64)</name><value>64</value></option> + <option><name>Password has Expired (code 8388608)</name><value>8388608</value></option> + <option><name>Account will Never Expire (code 65536)</name><value>65536</value></option> + <option><name>Enabled and Does NOT expire Paswword (code 66048)</name><value>66048</value></option> + <option><name>Server Trusted Account for Delegation (code 8192)</name><value>8192</value></option> + <option><name>Trusted Account for Delegation (code 524288)</name><value>524288</value></option> + <option><name>Enabled, User Cannot Change Password, Password Never Expires (code 590336)</name><value>590336</value></option> + <option><name>Normal Account, Password will not expire and Currently Disabled (code 66050)</name><value>66050</value></option> + <option><name>Account Enabled, Password does not expire, currently Locked out (code 66064)</name><value>66064</value></option> + </options> + <multiple/> + <size>16</size> + </field> + <field> <fielddescr>Update frequency</fielddescr> <fieldname>freq</fieldname> <description><![CDATA[How often extract users from active directory and verify changes<br> 
diff --git a/config/dansguardian/dansguardian_ldap.php b/config/dansguardian/dansguardian_ldap.php index 33cbee91..01d4764e 100644 --- a/config/dansguardian/dansguardian_ldap.php +++ b/config/dansguardian/dansguardian_ldap.php @@ -56,6 +56,7 @@ function get_ldap_members($group,$user,$password) { global $ldap_host; global $ldap_dn; $LDAPFieldsToFind = array("member"); + print "{$ldap_host} {$ldap_dn}\n"; $ldap = ldap_connect($ldap_host) or die("Could not connect to LDAP"); // OPTIONS TO AD @@ -64,7 +65,10 @@ function get_ldap_members($group,$user,$password) { ldap_bind($ldap, $user, $password) or die("Could not bind to LDAP"); - $results = ldap_search($ldap,$ldap_dn,"cn=" . $group,$LDAPFieldsToFind); + //check if group is just a name or an ldap string + $group_cn=(preg_match("/cn=/i",$group)? $group : "cn={$group}"); + + $results = ldap_search($ldap,$ldap_dn,$group_cn,$LDAPFieldsToFind); $member_list = ldap_get_entries($ldap, $results); $group_member_details = array(); @@ -77,7 +81,8 @@ function get_ldap_members($group,$user,$password) { $member_search = ldap_search($ldap, $ldap_dn, "(CN=" . $member_cn . ")"); $member_details = ldap_get_entries($ldap, $member_search); $group_member_details[] = array($member_details[0]['samaccountname'][0], - $member_details[0]['displayname'][0]); + $member_details[0]['displayname'][0], + $member_details[0]['useraccountcontrol'][0]); } ldap_close($ldap); array_shift($group_member_details); 
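Review bot: In the `@@ -64` hunk `$group` reaches `ldap_search()` as the filter with no escaping, and any value that merely contains `cn=` is passed through verbatim. A group name or description with `*`, `(`, `)` or `\` therefore changes the filter instead of being matched literally. If raw filters are not an intended feature, escape the plain-name case, e.g. `"cn=".ldap_escape($group, "", LDAP_ESCAPE_FILTER)` where the PHP build provides `ldap_escape()`, and anchor the test rather than matching `cn=` anywhere in the string. The added `print "{$ldap_host} {$ldap_dn}\n";` in the `@@ -56` hunk reads like leftover debug output. `get_ldap_members()` starts and ends outside these hunks.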
@@ -96,11 +101,12 @@ $apply_config=0; if (is_array($config['installedpackages']['dansguardiangroups']['config'])) foreach($config['installedpackages']['dansguardiangroups']['config'] as $group) { #ignore default group - if ($id > 0) - if ($argv[1] == "" || $argv[1] == $group['name']){ + if ($id > 0){ + $ldap_group_source=(preg_match("/description/",$argv[1]) ? "description" : "name"); + if ($argv[2] == $group[$ldap_group_source]){ $members=""; $ldap_servers= explode (',',$group['ldap']); - echo "Group : " . $group['name']."\n"; + echo "Group : {$group['name']}({$group['description']})\n"; if (is_array($config['installedpackages']['dansguardianldap']['config'])) foreach ($config['installedpackages']['dansguardianldap']['config'] as $server){ if (in_array($server['dc'],$ldap_servers)){ 
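Review bot: `$argv[2] == $group[$ldap_group_source]` replaces the old `$argv[1] == ""` branch, so running the script without arguments no longer walks every group, and a missing `$argv[2]` loosely equals a group whose name or description is empty. If the all-groups mode is still wanted, keep it explicit with `if (!isset($argv[2]) || $argv[2] === $group[$ldap_group_source]){`; otherwise require the argument with `isset($argv[2]) &&`. The source selector would also be safer as an exact match, `$argv[1] === "description"`, than `preg_match("/description/",$argv[1])`. The loop body continues past this hunk.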
@@ -113,18 +119,28 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config'])) $ldap_username=$server['username']; #$domainuser=split("cn=",$server['username']); #$ldap_username=preg_replace("/,\./","@",$domainuser[1].preg_replace("/(,|)DC=/i",".",$server['dn'])); - $result = get_ldap_members($group['name'],$ldap_username,$server['password']); - foreach($result as $key => $value) { - if (preg_match ("/\w+/",$value[0])){ + $result = get_ldap_members($group[$ldap_group_source],$ldap_username,$server['password']); + if ($group['useraccountcontrol'] !="") + $valid_account_codes=explode(",",$group['useraccountcontrol']); + foreach($result as $mvalue) { + if (preg_match ("/\w+/",$mvalue[0])){ #var_dump($value); - $name= preg_replace('/[^(\x20-\x7F)]*/','', $value[1]); + $name= preg_replace("/&([a-z])[a-z]+;/i", "$1", htmlentities($mvalue[1]));//preg_replace('/[^(\x20-\x7F)]*/','', $mvalue[1]); $pattern[0]="/USER/"; $pattern[1]="/,/"; $pattern[2]="/NAME/"; - $replace[0]=$value[0]; + $replace[0]=$mvalue[0]; $replace[1]="\n"; $replace[2]="$name"; - $members .= preg_replace($pattern,$replace,$mask)."\n"; + + if (is_array($valid_account_codes)){ + if (in_array($mvalue[2],$valid_account_codes,true)) + $members .= preg_replace($pattern,$replace,$mask)."\n"; + } + else + { + $members .= preg_replace($pattern,$replace,$mask)."\n"; + } } } } @@ -144,8 +160,9 @@ if (is_array($config['installedpackages']['dansguardiangroups']['config'])) $apply_config++; } } - } - $id++; + } + } + $id++; } if ($apply_config > 0){ print "User list from LDAP is different from current group, applying new configuration..."; diff --git a/config/dashboard/dashboard.xml b/config/dashboard/dashboard.xml index 7177eed6..c09a2eda 100644 --- a/config/dashboard/dashboard.xml +++ b/config/dashboard/dashboard.xml 
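Review bot: `$valid_account_codes` is assigned only when `$group['useraccountcontrol']` is non-empty and is never cleared, so a group with no status filter inherits the codes left over from an earlier group that had one. Users would then be dropped from that group's list without any setting asking for it. Reset it on every pass, e.g. `$valid_account_codes=($group['useraccountcontrol'] !="" ? explode(",",$group['useraccountcontrol']) : null);`. The surrounding loops start outside this hunk.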
@@ -57,7 +57,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>077</chmod> - <item>http://www.pfsense.com/packages/config/dashboard/binaries/widgets.tgz</item> + <item>http://files.pfsense.org/packages/widgets.tgz</item> </additional_files_needed> <custom_php_install_command> dashboard_install(); diff --git a/config/dnsblacklist/dnsblacklist.xml b/config/dnsblacklist/dnsblacklist.xml index 1b7c29e5..52c59b35 100644 --- a/config/dnsblacklist/dnsblacklist.xml +++ b/config/dnsblacklist/dnsblacklist.xml @@ -77,7 +77,7 @@ <additional_files_needed> <prefix>/tmp/</prefix> <chmod>0755</chmod> - <item>http://www.pfsense.com/packages/config/dnsblacklist/blacklists.tar.gz</item> + <item>http://files.pfsense.org/packages/blacklists.tar.gz</item> </additional_files_needed> <fields> <field> diff --git a/config/haproxy-devel/haproxy.inc b/config/haproxy-devel/haproxy.inc index 735ab196..66bcf81f 100644 --- a/config/haproxy-devel/haproxy.inc +++ b/config/haproxy-devel/haproxy.inc @@ -867,10 +867,12 @@ function haproxy_load_modules() { function use_transparent_clientip_proxying() { global $config; $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; - foreach ($a_backends as $backend) { - if ($backend["transparent_clientip"] == 'yes') { - return true; - break; + if (is_array($a_backends)) { + foreach ($a_backends as $backend) { + if ($backend["transparent_clientip"] == 'yes') { + return true; + break; + } } } return false; @@ -939,7 +941,8 @@ function haproxy_check_run($reload) { if ($status != "MASTER") { if (haproxy_is_running()) { log_error("Stopping haproxy on CARP backup."); - exec("/bin/pkill -F /var/run/haproxy.pid haproxy"); + //exec("/bin/pkill -F /var/run/haproxy.pid haproxy");//doesnt work for multiple pid's in a pidfile + haproxy_kill(); } return (0); } else if (haproxy_is_running() && $reload == 0) { 
@@ -951,7 +954,11 @@ function haproxy_check_run($reload) { return (0); if (haproxy_is_running()) { - exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -st `cat /var/run/haproxy.pid` 2>&1", $output, $errcode); + if (isset($a_global['terminate_on_reload'])) + $sf_st = "-st";//terminate old process as soon as the new process is listening + else + $sf_st = "-sf";//finish serving existing connections exit when done, and the new process is listening + exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid $sf_st `cat /var/run/haproxy.pid` 2>&1", $output, $errcode); } else { exec("/usr/local/sbin/haproxy -f /var/etc/haproxy.cfg -p /var/run/haproxy.pid -D 2>&1", $output, $errcode); } @@ -960,11 +967,23 @@ function haproxy_check_run($reload) { return ($errcode); } else { if ($reload && haproxy_is_running()) { - exec("/bin/pkill -F /var/run/haproxy.pid haproxy"); + //exec("/bin/pkill -F /var/run/haproxy.pid haproxy");//doesnt work for multiple pid's in a pidfile + haproxy_kill(); } return (0); } - +} + +function haproxy_kill($killimmediately = true) { + if ($killimmediately) + $signal = "KILL"; // stop now + else + $signal = "USR1"; // stop when all connections are closed + killprocesses("haproxy", "/var/run/haproxy.pid", $signal); +} + +function killprocesses($processname, $pidfile, $signal = "KILL") { + exec("kill -$signal `pgrep -x $processname | grep -w -f $pidfile`"); } function haproxy_do_xmlrpc_sync($sync_to_ip, $password) { diff --git a/config/haproxy-devel/haproxy_global.php b/config/haproxy-devel/haproxy_global.php index 7ff0fb65..dbc55847 100755 --- a/config/haproxy-devel/haproxy_global.php +++ b/config/haproxy-devel/haproxy_global.php 
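Review bot: `killprocesses()` in the `@@ -960` hunk interpolates `$signal`, `$processname` and `$pidfile` into a shell string with nested backticks and no escaping. Both current callers pass constants, but the function is global and generically named, so a later caller could hand it config-derived values. Quote each piece with `escapeshellarg()`, and consider `grep -Fx -f` so the pidfile lines are matched as whole literal PIDs rather than as patterns. `haproxy_kill()` is also called with its default at both call sites, which sends `KILL` and gives haproxy no chance to shut down cleanly; the `USR1` path already exists for that.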
@@ -68,6 +68,7 @@ if ($_POST) { if (!$input_errors) { $config['installedpackages']['haproxy']['enable'] = $_POST['enable'] ? true : false; + $config['installedpackages']['haproxy']['terminate_on_reload'] = $_POST['terminate_on_reload'] ? true : false; $config['installedpackages']['haproxy']['maxconn'] = $_POST['maxconn'] ? $_POST['maxconn'] : false; $config['installedpackages']['haproxy']['enablesync'] = $_POST['enablesync'] ? true : false; $config['installedpackages']['haproxy']['synchost1'] = $_POST['synchost1'] ? $_POST['synchost1'] : false; @@ -84,10 +85,10 @@ if ($_POST) { write_config(); } } - } $pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']); +$pconfig['terminate_on_reload'] = isset($config['installedpackages']['haproxy']['terminate_on_reload']); $pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn']; $pconfig['enablesync'] = isset($config['installedpackages']['haproxy']['enablesync']); $pconfig['syncpassword'] = $config['installedpackages']['haproxy']['syncpassword']; @@ -177,9 +178,9 @@ function enable_change(enable_change) { Sets the maximum per-process number of concurrent connections to X.<br/> <strong>NOTE:</strong> setting this value too high will result in HAProxy not being able to allocate enough memory.<br/> <?php - $hascpu = trim(`top | grep haproxy | awk '{ print $6 }'`); - if($hascpu) - echo "<p>Current memory usage {$hascpu}.</p>"; + $memusage = trim(`ps auxw | grep haproxy | grep -v grep | awk '{ print $5 }'`); + if($memusage) + echo "<p>Current memory usage: {$memusage} K.</p>"; ?> </td><td> <table style="border: 1px solid #000;"> 
@@ -225,6 +226,15 @@ function enable_change(enable_change) { </td> </tr> <tr> + <td width="22%" valign="top" class="vncell">Reload behaviour</td> + <td width="78%" class="vtable"> + <input name="terminate_on_reload" type="checkbox" value="yes" <?php if ($pconfig['terminate_on_reload']) echo "checked"; ?>> + Force immediate stop of old process on reload. (closes existing connections)<br/><br/>Note: when this option is selected connections will be closed when haproxy is restarted. + Otherwise the existing connections will be served by the old haproxy process untill they are closed. + Checking this option will interupt existing connections on a restart. (which happens when the configuration is applied, + but possibly also when pfSense detects an interface comming up or changing its ip-address)</td> + </tr> + <tr> <td valign="top" class="vncell"> Remote syslog host </td> diff --git a/config/haproxy-devel/haproxy_listeners_edit.php b/config/haproxy-devel/haproxy_listeners_edit.php index 05868de7..8f9c2484 100644 --- a/config/haproxy-devel/haproxy_listeners_edit.php +++ b/config/haproxy-devel/haproxy_listeners_edit.php 
@@ -160,23 +160,32 @@ if ($_POST) { unset($input_errors); $pconfig = $_POST; - $reqdfields = explode(" ", "name type port max_connections"); - $reqdfieldsn = explode(",", "Name,Type,Port,Max connections"); + + if ($pconfig['secondary'] != "yes") { + $reqdfields = explode(" ", "name type port max_connections"); + $reqdfieldsn = explode(",", "Name,Type,Port,Max connections"); + } else { + $reqdfields = explode(" ", "name"); + $reqdfieldsn = explode(",", "Name"); + } + do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); if (preg_match("/[^a-zA-Z0-9\.\-_]/", $_POST['name'])) $input_errors[] = "The field 'Name' contains invalid characters."; - if (!is_numeric($_POST['max_connections'])) - $input_errors[] = "The field 'Max connections' value is not a number."; + if ($pconfig['secondary'] != "yes") { + if (!is_numeric($_POST['max_connections'])) + $input_errors[] = "The field 'Max connections' value is not a number."; - $ports = split(",", $_POST['port'] . ","); - foreach($ports as $port) - if ($port && !is_numeric($port)) - $input_errors[] = "The field 'Port' value is not a number."; + $ports = split(",", $_POST['port'] . ","); + foreach($ports as $port) + if ($port && !is_numeric($port)) + $input_errors[] = "The field 'Port' value is not a number."; - if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) - $input_errors[] = "The field 'Client timeout' value is not a number."; + if ($_POST['client_timeout'] !== "" && !is_numeric($_POST['client_timeout'])) + $input_errors[] = "The field 'Client timeout' value is not a number."; + } /* Ensure that our pool names are unique */ for ($i=0; isset($config['installedpackages']['haproxy']['ha_backends']['item'][$i]); $i++) diff --git a/config/haproxy-devel/haproxy_pool_edit.php b/config/haproxy-devel/haproxy_pool_edit.php index e282504a..4b93632f 100644 --- a/config/haproxy-devel/haproxy_pool_edit.php +++ b/config/haproxy-devel/haproxy_pool_edit.php 
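Review bot: The numeric checks for `port`, `max_connections` and `client_timeout` are now skipped whenever the request carries `secondary=yes`, a value the client controls. If those fields are still copied from `$_POST` into the saved frontend further down (outside this hunk), a request can store non-numeric values that later end up in the generated haproxy configuration. Keep the format checks for any field that is non-empty regardless of `secondary`, e.g. `if ($_POST['max_connections'] !== "" && !is_numeric($_POST['max_connections']))`, and relax only the required-field list.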
@@ -608,7 +608,7 @@ FLUSH PRIVILEGES;</pre> <td width="78%" class="vtable" colspan="2"> <input name="monitor_agentport" type="text" <?if(isset($pconfig['monitor_agentport'])) echo "value=\"{$pconfig['monitor_agentport']}\"";?>size="64"> <br/> - Fill in the TCP portnumber the healtcheck should be performed on. + Fill in the TCP portnumber the healthcheck should be performed on. </td> </tr> </table> diff --git a/config/lcdproc/lcdproc.xml b/config/lcdproc/lcdproc.xml index bc03b761..32a8f900 100644 --- a/config/lcdproc/lcdproc.xml +++ b/config/lcdproc/lcdproc.xml @@ -38,22 +38,22 @@ <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/bin/nexcom.so</item> + <item>http://files.pfsense.org/packages/lcdproc/nexcom.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/bin/SureElec.so</item> + <item>http://files.pfsense.org/packages/lcdproc/SureElec.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/bin/picolcd.so</item> + <item>http://files.pfsense.org/packages/lcdproc/picolcd.so</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> - <item>http://www.pfsense.org/packages/config/lcdproc/bin/libusb.so.2</item> + <item>http://files.pfsense.org/packages/lcdproc/libusb.so.2</item> <prefix>/usr/local/lib/lcdproc/</prefix> <chmod>0755</chmod> </additional_files_needed> diff --git a/config/phpsysinfo/phpsysinfo.xml b/config/phpsysinfo/phpsysinfo.xml index 3cbe4a5b..116643a4 100644 --- a/config/phpsysinfo/phpsysinfo.xml +++ b/config/phpsysinfo/phpsysinfo.xml 
@@ -75,7 +75,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/phpsysinfo/bin/phpsysinfo-2.5.4.tar.gz</item> + <item>http://files.pfsense.org/packages/phpsysinfo-2.5.4.tar.gz</item> </additional_files_needed> <fields> <field> diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc index b564fd47..4378a1f9 100644..100755 --- a/config/postfix/postfix.inc +++ b/config/postfix/postfix.inc @@ -278,9 +278,10 @@ function check_cron(){ } -function sync_package_postfix($via_rpc=false) { +function sync_package_postfix($via_rpc="no") { global $config; + log_error("sync_package_postfix called with via_rpc={$via_rpc}"); # detect boot process if (is_array($_POST)){ if (preg_match("/\w+/",$_POST['__csrf_magic'])) @@ -289,7 +290,7 @@ function sync_package_postfix($via_rpc=false) { $boot_process="on"; } - if(is_process_running("master") && isset($boot_process) && $via_rpc==false) + if(is_process_running("master") && isset($boot_process) && $via_rpc=="no") return; #check patch in /etc/inc/config. @@ -731,7 +732,7 @@ MASTEREOF2; postfix_start(); #Do not sync during boot - if(!isset($boot_process)) + if(!isset($boot_process) || $via_rpc=="yes") postfix_sync_on_changes(); } @@ -944,7 +945,7 @@ function postfix_do_xmlrpc_sync($sync_to_ip,$username,$password,$sync_type,$sync /* tell postfix to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/postfix.inc');\n"; - $execcmd .= "sync_package_postfix(true);"; + $execcmd .= "sync_package_postfix('yes');"; /* assemble xmlrpc payload */ $params = array( diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc index a29fb3c6..1da86847 100755 --- a/config/squid3/33/squid.inc +++ b/config/squid3/33/squid.inc 
@@ -1748,7 +1748,7 @@ function squid_resync_msnt() { chmod(SQUID_CONFBASE."/msntauth.conf", 0600); } -function squid_resync() { +function squid_resync($via_rpc="no") { global $config; # detect boot process @@ -1759,7 +1759,9 @@ function squid_resync() { $boot_process="on"; } - if (is_process_running('squid') && isset($boot_process)) + log_error("[Squid] - Squid_resync function call pr:".is_process_running('squid')." bp:".isset($boot_process)." rpc:".$via_rpc); + + if (is_process_running('squid') && isset($boot_process) && $via_rpc=="no") return; conf_mount_rw(); @@ -1785,7 +1787,7 @@ function squid_resync() { squid_resync_users(); squid_write_rcfile(); - if(!isset($boot_process)) + if(!isset($boot_process) || $via_rpc="yes") squid_sync_on_changes(); #write config file @@ -2295,7 +2297,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; - log_error("Beginning squid XMLRPC sync to {$url}:{$port}."); + log_error("[Squid] Beginning squid XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); 
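Review bot: `$via_rpc="yes"` in the `@@ -1785` hunk is an assignment, not a comparison, so the condition is always true and `squid_sync_on_changes()` now runs on every call, including during boot. It should read `if(!isset($boot_process) || $via_rpc=="yes")`, matching the dansguardian and postfix versions of the same change. The added `log_error("[Squid] - Squid_resync function call …")` in the `@@ -1759` hunk also fires on every resync and looks like debug output that could be dropped. `squid_resync()` continues outside these hunks.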
@@ -2315,20 +2317,20 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { log_error($error); file_notice("sync_settings", $error, "squid Settings Sync", ""); } else { - log_error("squid XMLRPC sync successfully completed with {$url}:{$port}."); + log_error("[Squid] XMLRPC sync successfully completed with {$url}:{$port}."); } /* tell squid to reload our settings on the destination sync host. */ $method = 'pfsense.exec_php'; $execcmd = "require_once('/usr/local/pkg/squid.inc');\n"; - $execcmd .= "squid_resync();"; + $execcmd .= "squid_resync('yes');"; /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - log_error("squid XMLRPC reload data {$url}:{$port}."); + log_error("[Squid] XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); @@ -2340,7 +2342,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) { } elseif($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); - $error = "An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + $error = "[Squid] An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "squid Settings Sync", ""); } else { diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index e57b7597..b900a477 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc 
@@ -112,9 +112,12 @@ define('REDIRECT_URL_ARGS', '&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u'); # ------------------------------------------------------------------------------ $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version > 2.0) - define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m")); -else +if ($pf_version > 2.0) { + if (file_exists('/usr/pbi/squidguard-squid3-' . php_uname("m"))) + define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-squid3-' . php_uname("m")); + else + define('SQUIDGUARD_LOCALBASE', '/usr/pbi/squidguard-' . php_uname("m")); +} else define('SQUIDGUARD_LOCALBASE','/usr/local'); if (!defined('SQUID_LOCALBASE') && ($pf_version > 2.0)) diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc index a5b8c4e2..651b79b2 100644 --- a/config/vhosts/vhosts.inc +++ b/config/vhosts/vhosts.inc 
@@ -736,31 +736,31 @@ function vhosts_install_command() { if(stristr(php_uname('r'), '7.2') == TRUE) { if (!file_exists('/usr/local/php5')) { chdir('/usr/local/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/freebsd7.2/php5.tar.gz"); + exec ("fetch http://files.pfsense.org/packages/7/vhosts/php5.tar.gz"); exec("tar zxvf /usr/local/php5.tar.gz -C /usr/local/"); exec("rm /usr/local/php5.tar.gz"); } if (!file_exists('/usr/local/lib/libxml2.so.5')) { chdir('/usr/local/lib/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/freebsd7.2/usr.local.lib/libxml2.so.5"); + exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so.5"); } if (!file_exists('/usr/local/lib/libxml2.so')) { chdir('/usr/local/lib/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/freebsd7.2/usr.local.lib/libxml2.so"); + exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.so"); } if (!file_exists('/usr/local/lib/libxml2.la')) { chdir('/usr/local/lib/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/freebsd7.2/usr.local.lib/libxml2.la"); + exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/libxml2.la"); } if (!file_exists('/usr/local/lib/libxml2.a')) { chdir('/usr/local/lib/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/freebsd7.2/usr.local.lib/lib/libxml2.a"); + exec ("fetch http://files.pfsense.org/packages/7/vhosts/usr.local.lib/lib/libxml2.a"); } } if(stristr(php_uname('r'), '8.1') == TRUE) { if (!file_exists('/usr/local/php5')) { chdir('/usr/local/'); - exec ("fetch http://www.pfsense.com/packages/config/vhosts/freebsd8.0/php5.tar.gz"); + exec ("fetch http://files.pfsense.org/packages/8/vhosts/php5.tar.gz"); exec("tar zxvf /usr/local/php5.tar.gz -C /usr/local/"); exec("rm /usr/local/php5.tar.gz"); } diff --git a/config/vnstat/vnstat.xml b/config/vnstat/vnstat.xml index 2a0c06f5..63a121a0 100644 --- a/config/vnstat/vnstat.xml +++ b/config/vnstat/vnstat.xml 
@@ -25,7 +25,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat/bin/vnstat_php_frontend-1.4.1.tar.gz</item> + <item>http://files.pfsense.org/packages/7/vnstat/vnstat_php_frontend-1.4.1.tar.gz</item> </additional_files_needed> <custom_php_resync_config_command></custom_php_resync_config_command> <custom_php_install_command>vnstat_install_config();</custom_php_install_command> diff --git a/config/vnstat2/vnstat2.xml b/config/vnstat2/vnstat2.xml index 08bfc91d..25cd0bcb 100644 --- a/config/vnstat2/vnstat2.xml +++ b/config/vnstat2/vnstat2.xml @@ -48,7 +48,7 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/vnstat_php_frontend-1.4.1.tar.gz</item> + <item>http://files.pfsense.org/packages/8/vnstat/vnstat_php_frontend-1.4.1.tar.gz</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> 
@@ -68,22 +68,22 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/diag_vnstat.abc</item> + <item>http://files.pfsense.org/packages/8/vnstat/diag_vnstat.abc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/diag_vnstat2.abc</item> + <item>http://files.pfsense.org/packages/8/vnstat/diag_vnstat2.abc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/vnstat2_img.abc</item> + <item>http://files.pfsense.org/packages/8/vnstat/vnstat2_img.abc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0644</chmod> - <item>http://www.pfsense.com/packages/config/vnstat2/bin/vnstati.abc</item> + <item>http://files.pfsense.org/packages/8/vnstat/vnstati.abc</item> </additional_files_needed> <fields> <field> diff --git a/pkg_config.7.xml b/pkg_config.7.xml index 057630c8..30316a74 100755 --- a/pkg_config.7.xml +++ b/pkg_config.7.xml @@ -452,7 +452,7 @@ <descr>A console-based network traffic monitor + vnstat PHP frontend</descr> <pkginfolink>http://forum.pfsense.org/index.php/topic,14179.0.html</pkginfolink> <category>Network Management</category> - <depends_on_package_base_url>http://www.pfsense.com/packages/config/vnstat/bin/</depends_on_package_base_url> + <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url> <depends_on_package>vnstat-1.6_3.tbz</depends_on_package> <version>1.6.3</version> <status>Stable</status> 
@@ -470,7 +470,7 @@
 <version>2.5.4</version>
 <status>Beta</status>
 <required_version>1.0</required_version>
- <depends_on_package_base_url>http://www.pfsense.com/packages/config/phpsysinfo/bin/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
 <depends_on_package>mbmon-205_4.tbz</depends_on_package>
 <config_file>http://www.pfsense.com/packages/config/phpsysinfo/phpsysinfo.xml</config_file>
 <configurationfile>phpsysinfo.xml</configurationfile>
@@ -632,7 +632,7 @@
 <website>http://dmr.ath.cx/net/darkstat/</website>
 <descr>darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.</descr>
 <category>Network Management</category>
- <depends_on_package_base_url>http://www.pfsense.com/packages/config/darkstat/bin/</depends_on_package_base_url>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/7/All/</depends_on_package_base_url>
 <depends_on_package>darkstat-3.0.712.tbz</depends_on_package>
 <depends_on_package>gettext-0.17_1.tbz</depends_on_package>
 <version>3.0.712</version>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index cdf8522c..3e91e7ee 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -61,20 +61,6 @@
 <configurationfile>filer.xml</configurationfile>
 </package>
 <package>
- <name>IP-Blocklist</name>
- <website/>
- <descr>IP-Blocklist is PeerGuardian2 but on pfsense. This package has been replaced by pfblocker. <u>This is a legacy app</u></descr>
- <category>Firewall</category>
- <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
- <config_file>http://www.pfsense.com/packages/config/ipblocklist/8/ipblocklist.xml</config_file>
- <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.3.5</version>
- <status>Beta</status>
- <required_version>1.2.2</required_version>
- <maintainer>tom@tomschaefer.org</maintainer>
- <configurationfile>ipblocklist.xml</configurationfile>
- </package>
- <package>
 <name>Country Block</name>
 <website/>
 <descr>Block countries - This has been replaced by pfblocker. <u>This is a legacy app</u></descr>
@@ -1376,6 +1362,26 @@
 <configurationfile>squidguard.xml</configurationfile>
 </package>
 <package>
+ <name>squidGuard-squid3</name>
+ <descr>High perfomance web proxy URL filter. Requires proxy Squid package.</descr>
+ <website>http://www.squidGuard.org/</website>
+ <maintainer>dv_serg@mail.ru</maintainer>
+ <category>Network Management</category>
+ <version>1.4_4 pkg v.1.9.4</version>
+ <status>Beta</status>
+ <required_version>2.2</required_version>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
+ <depends_on_package_pbi>squidguard-squid3-1.4_4-i386.pbi</depends_on_package_pbi>
+ <build_pbi>
+ <ports_before>www/squid33 databases/db41 security/cyrus-sasl2</ports_before>
+ <port>www/squidguard</port>
+ <custom_name>squidguard-squid3</custom_name>
+ </build_pbi>
+ <build_options>OPTIONS_SET=FETCH LDAP SAMPLE_BL SQUID33;OPTIONS_UNSET=DNS_BL DOCS QUOTE_STRING SQUID27 SQUID32;c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options>
+ <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file>
+ <configurationfile>squidguard.xml</configurationfile>
+ </package>
+ <package>
 <name>Zabbix Agent</name>
 <descr>Monitoring agent.</descr>
 <category>Services</category>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index e18bd219..1c2c263d 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
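Review bot: In the added `<build_options>` line the entries are separated by `;` except between `c-icap_UNSET=IPV6` and `squid33_UNSET=AUTH_SMB …`, where only a space separates them. If the PBI build splits this string on `;`, the whole `squid33_UNSET` list becomes part of the c-icap value and those squid33 options (among them `SNMP`, `DEBUG` and `AUTH_SMB`) are not actually unset. Proposed: `…SQUID27 SQUID32;c-icap_UNSET=IPV6;squid33_UNSET=AUTH_SMB AUTH_SQL …`. The identical line is added in the pkg_config.8.xml.amd64 hunk `@@ -1363,6 +1349,26`. The new entry also reuses `squidguard.xml` for `<config_file>` and `<configurationfile>`, so it is worth confirming that it cannot be installed alongside the existing squidGuard package.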
@@ -61,20 +61,6 @@
 <configurationfile>filer.xml</configurationfile>
 </package>
 <package>
- <name>IP-Blocklist</name>
- <website/>
- <descr>IP-Blocklist is PeerGuardian2 but on pfsense. This package has been replaced by pfblocker. <u>This is a legacy app</u></descr>
- <category>Firewall</category>
- <pkginfolink>http://forum.pfsense.org/index.php/topic,24769.0.html</pkginfolink>
- <config_file>http://www.pfsense.com/packages/config/ipblocklist/8/ipblocklist.xml</config_file>
- <depends_on_package_base_url>http://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.3.5</version>
- <status>Beta</status>
- <required_version>1.2.2</required_version>
- <maintainer>tom@tomschaefer.org</maintainer>
- <configurationfile>ipblocklist.xml</configurationfile>
- </package>
- <package>
 <name>Country Block</name>
 <website/>
 <descr>Block countries - This has been replaced by pfblocker. <u>This is a legacy app</u></descr>
@@ -1363,6 +1349,26 @@
 <configurationfile>squidguard.xml</configurationfile>
 </package>
 <package>
+ <name>squidGuard-squid3</name>
+ <descr>High perfomance web proxy URL filter. Requires proxy Squid package.</descr>
+ <website>http://www.squidGuard.org/</website>
+ <maintainer>dv_serg@mail.ru</maintainer>
+ <category>Network Management</category>
+ <version>1.4_4 pkg v.1.9.4</version>
+ <status>Beta</status>
+ <required_version>2.2</required_version>
+ <depends_on_package_base_url>http://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
+ <depends_on_package_pbi>squidguard-squid3-1.4_4-amd64.pbi</depends_on_package_pbi>
+ <build_pbi>
+ <ports_before>www/squid33 databases/db41 security/cyrus-sasl2</ports_before>
+ <port>www/squidguard</port>
+ <custom_name>squidguard-squid3</custom_name>
+ </build_pbi>
+ <build_options>OPTIONS_SET=FETCH LDAP SAMPLE_BL SQUID33;OPTIONS_UNSET=DNS_BL DOCS QUOTE_STRING SQUID27 SQUID32;c-icap_UNSET=IPV6 squid33_UNSET=AUTH_SMB AUTH_SQL DNS_HELPER FS_COSS ESI SNMP ECAP STACKTRACES STRICT_HTTP TP_IPF TP_IPFW VIA_DB DEBUG DOCS EXAMPLES;squid33_SET=ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF TP_PF MSSL_CRTD WCCP WCCPV2 FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE SSL SSL_CRTD</build_options>
+ <config_file>http://www.pfsense.org/packages/config/squidGuard/squidguard.xml</config_file>
+ <configurationfile>squidguard.xml</configurationfile>
+ </package>
+ <package>
 <name>Zabbix Agent</name>
 <descr>Monitoring agent.</descr>
 <category>Services</category>
diff --git a/pkg_config.xsl b/pkg_config.xsl
new file mode 100644
index 00000000..d5df5626
--- /dev/null
+++ b/pkg_config.xsl
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="2.0">
+ <xsl:output method="html" encoding="UTF-8" indent="yes"/>
+ <xsl:template match="pfsensepkgs">
+ <html>
+ <head>
+ <title>pfSense Open Source Firewall Distribution - Packages</title>
+ <link rel="shortcut icon" href="http://www.pfsense.org/images/favicon.ico"/>
+
+ <link rel="stylesheet" href="templates/modular_plazza/css/template_css.css" type="text/css"/>
+ <link rel="stylesheet" href="templates/modular_plazza/css/sfish.css" type="text/css"/>
+ </head>
+ <body class="bodies">
+ <h2>pfSense Package list</h2>
+ <xsl:apply-templates/>
+ </body>
+ </html>
+ </xsl:template>
+
+ <xsl:template match="packages">
+ <xsl:for-each-group select="package" group-by="category">
+ <h3>
+ Category: <xsl:value-of select="current-grouping-key()"/>
+ </h3>
+ <xsl:for-each select="current-group()">
+ <h4>
+ <xsl:value-of select="name"/>
+ </h4>
+ <span class="version">Version <xsl:value-of select="version"/> </span>
+ <xsl:choose>
+ <xsl:when test="status = 'ALPHA'"><span style="color:red">alpha</span></xsl:when>
+ <xsl:when test="status = 'BETA'"><span style="color:blue">beta</span></xsl:when>
+ <xsl:otherwise><span style="color:green"><xsl:value-of select="status"/></span></xsl:otherwise>
+ </xsl:choose>
+ <br/>
+ <xsl:value-of select="descr" disable-output-escaping="yes"/>
+ </xsl:for-each>
+ </xsl:for-each-group>
+ </xsl:template>
+</xsl:stylesheet> |
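Review bot: `<xsl:value-of select="descr" disable-output-escaping="yes"/>` writes each package's description into the page as raw markup, so any element a package entry carries in `<descr>` (not only the `<u>` seen elsewhere in this diff) reaches the browser unescaped. If the package list accepts entries from third-party maintainers, either drop the attribute (`<xsl:value-of select="descr"/>`) or limit descriptions to a small allowed set of inline tags before the list is published. Separately, the `status = 'ALPHA'` and `status = 'BETA'` tests are case-sensitive while the entries in this diff use `Beta` and `Stable`, so those two branches look unreachable and every status falls through to the green `xsl:otherwise`. `<xsl:when test="upper-case(status) = 'BETA'">` (and the same for `'ALPHA'`) would match.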