3 files changed, 195 insertions, 0 deletions

diff --git a/packages/doorman.xml b/packages/doorman.xml
new file mode 100644
index 00000000..a88dca5d
--- /dev/null
+++ b/packages/doorman.xml
@@ -0,0 +1,93 @@
+<packagegui>
+	<name>doorman</name>
+	<title>Doorman: Settings</title>
+	<aftersaveredirect>pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</aftersaveredirect>
+	<menu>
+		<name>Doorman</name>
+		<tooltiptext>Modify doormand settings and users.</tooltiptext>
+		<section>Services</section>
+		<configfile>doorman.xml</configfile>
+	</menu>
+	<tabs>
+		<tab> 
+                        <text>Settings</text>
+                        <url>/pkg_edit.php?xml=doorman.xml&amp;id=0</url>
+                        <active/>
+                </tab>
+                <tab>
+                        <text>Users</text>
+                        <url>/pkg.php?xml=doormanusers.xml</url>
+                </tab>
+        </tabs>
+	<additional_files_needed>
+		<item>http://www.pfsense.com/packages/config/doormanusers.xml</item>
+	</additional_files_needed>
+	<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+	<fields>
+		<field>
+			<fielddescr>Initial connection timeout</fielddescr>
+			<fieldname>initdelay</fieldname>
+			<description>Enter the desired number of *microseconds* to wait for a complete 3-way handshake between the client and requested service. (default one half second)</description>
+			<type>input</type>
+			<value>500000</value>
+		</field>
+		<field>
+			<fielddescr>Connection check interval</fielddescr>
+			<fieldname>checkdelay</fieldname>
+			<description>Enter the desired number of *seconds* between checking for broken connections. (default 5 seconds)</description>
+			<type>input</type>
+			<value>5</value>
+		</field>
+		<field>
+			<fielddescr>Connection initiation timeout</fielddescr>
+			<fieldname>inittimeout</fieldname>
+			<description>Enter the desired number of *seconds* to wait for a connection to be established after a successful knock.i (default 10 seconds)</description>
+			<type>input</type>
+			<value>10</value>
+		<field>
+			<fielddescr>Listening interface(s)</fielddescr>
+			<fieldname>interface</fieldname>
+			<description>Select the interfaces that doormand should listen on. (default WAN)</description>
+			<value>wan</value>
+			<type>interfaces_selection</type>
+		</field>
+		<field>
+			<fielddescr>Listening port</fielddescr>
+			<fieldname>port</fieldname>
+			<description>Enter the port that doormand should listen on. (default 1001)</description>	
+			<value>1001</value>
+			<type>input</type>
+		</field>
+	</fields>
+	<custom_php_install_command>
+		global $config;
+		$fout = fopen("/usr/local/etc/rc.d/doormand.sh","w");
+		fwrite($fout, $!/bin/sh\n\n/usr/local/sbin/doormand\n");
+		fclose($fout);
+	</custom_php_install_command>
+	<custom_php_command_before_form>
+	function sync_package_doorman() {
+		if ($_POST == "") $_POST = $config['installedpackages']['doorman']['config'];
+		conf_mount_rw();
+		config_lock();
+		global $config;
+		$fout = fopen("/usr/local/etc/doormand/doormand.cf","w");
+		fwrite($fout, "# This file was automatically generated by the pfSense\n# package management system.\n\n");
+		$int = convert_friendly_interface_to_real_interface_name($_POST['interface']);
+		fwrite($fout, "interface " . $int . "\n");
+		if($_POST['port'] != "") fwrite($fout, "port " . $_POST['port'] . "\n");
+		if($_POST['inittimeout'] != "") fwrite($fout, "waitfor " . $_POST['inittimeout'] . "\n");
+		if($_POST['initdelay'] != "") fwrite($fout, "connection_delay_1 " . $_POST['initdelay'] . "\n");
+		if($_POST['checkdelay'] != "") fwrite($fout, "connection_delay_2 " . $_POST['checkdelay'] . "\n");
+		fwrite($fout, "pidfile /var/run/doormand.pid\nlogfile /var/log/messages\nloglevel NOTICE\nguestlist /usr/local/etc/doormand/guestlist\nfirewall-add /usr/local/etc/doormand/pfctl_add\nfirewall-del /usr/local/etc/doormand/pfctl_del\ntag-queue /var/doorman_tag_queue\ntag-db /var/doorman_tag_db.db\n");
+		fclose($fout);
+		mwexec("killall -HUP doormand");
+		conf_mount_ro();
+		config_unlock();
+		}
+	</custom_php_command_before_form>
+	<custom_add_php_command>
+		sync_package_doorman();
+	</custom_add_php_command>
+</packagegui>
+
diff --git a/packages/doormanusers.xml b/packages/doormanusers.xml
new file mode 100644
index 00000000..a195f2ad
--- /dev/null
+++ b/packages/doormanusers.xml
@@ -0,0 +1,90 @@
+<packagegui>
+	<name>doormanusers</name>
+	<title>Doorman: Users</title>
+	<aftersaveredirect>pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</aftersaveredirect>
+	<menu>
+                <name>Doorman</name>
+                <tooltiptext>Modify doormand settings and users.</tooltiptext>
+                <section>Services</section>
+                <configfile>doorman.xml</configfile>
+        </menu>
+	<tabs>
+		<tab> 
+                        <text>Settings</text>
+                        <url>/pkg_edit.php?xml=doorman.xml&amp;id=0</url>
+                </tab>
+                <tab>
+                        <text>Users</text>
+                        <url>/pkg.php?xml=doormanusers.xml</url>
+			<active/>
+                </tab>
+        </tabs>
+	<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+	<adddeleteeditpagefields>
+		<columnitem>
+			<fielddescr>Username</fielddescr>
+			<fieldname>username</fieldname>
+		</columnitem>
+		<columnitem>
+			<fielddescr>Ports</fielddescr>
+			<fieldname>ports</fielddescr>
+		</columnitem>
+		<columnitem>
+			<fielddescr>Addresses</fielddescr>
+			<fieldname>addresses</fielddescr>
+		</columnitem>
+		<columnitem>
+			<fielddescr>Description</fielddescr>
+			<fieldname>description</fieldname>
+		</columnitem>
+	</adddeleteeditpagefields>
+	<fields>
+		<field>
+			<fielddescr>Username</fielddescr>
+			<fieldname>username</fieldname>
+			<description>Enter the username here. This may be up to 32 characters in length.</description>
+			<type>input</type>
+		</field>
+		<field>
+			<fielddescr>Password</fielddescr>
+			<fieldname>password</fieldname>
+			<description>Enter the password here. This may be up to 64 characters in length.</description>
+			<type>password</type>
+		</field>
+		<field>
+			<fielddescr>Allowed ports</fielddescr>
+			<fieldname>ports</fieldname>
+			<description>Enter a whitespace-delimited list of the ports or service names *to* which this user may connect.</description>
+			<type>input</type>
+		</field>
+		<field>
+			<fielddescr>Allowed addresses</fielddescr>
+			<fieldname>addresses</fieldname>
+			<description>Enter a whitespace-delimited list of the IP addresses or hostnames *from* which this user may connect. Addresses may be unique or expressed as ranges using CIDR notation.</description>
+			<type>input</type>
+		</field>
+	</fields>
+	<custom_php_command_before_form>
+	function sync_package_doorman_users() {
+		if ($_POST == "") $_POST = $config['installedpackages']['doormanusers']['config'];
+		conf_mount_rw();
+		config_lock();
+		global $config;
+		$fout = fopen("/usr/local/etc/doormand/guestlist","w");
+		fwrite($fout, "# This file was automatically generated by the pfSense\n# package management system.\n\n");
+		if($config['installedpackages']['doormanusers']['config'] != "") {
+			foreach($config['installedpackages']['doormanusers']['config'] as $rowhelper) {
+				fwrite($fout, $rowhelper['username'] . "\t" . $rowhelper['password'] . "\n\t" . $rowhelper['ports'] . "\n\t" . $rowhelper['addresses'] . "\n\n");
+			}
+		}
+		fclose($fout);
+		mwexec("killall -HUP doormand");
+		conf_mount_ro();
+		config_unlock();
+		}
+	</custom_php_command_before_form>
+	<custom_add_php_command>
+		sync_package_doorman_users();
+	</custom_add_php_command>
+</packagegui>
+
diff --git a/pkg_config.xml b/pkg_config.xml
index 75a88c1d..39634884 100644
--- a/pkg_config.xml
+++ b/pkg_config.xml
@@ -213,6 +213,18 @@
           <status>ALPHA</status>
           <configurationfile>netio.xml</configurationfile>
     </package>
+    <package>
+          <name>doorman</name>
+          <website>http://doorman.sourceforge.net</website>
+          <descr>Doorman is a port knocking implementation which allows a server to run silently, invisibly, with all TCP ports closed except to those who know the secret knock.</descr>
+          <category>Services</category>
+          <config_file>http://www.pfsense.com/packages/config/doorman.xml</config_file>
+          <depends_on_package_base_url>http://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-5-stable/All</depends_on_package_base_url>
+          <depends_on_package>doorman-0.8.tbz</depends_on_package>
+          <version>0.8</version>
+          <status>ALPHA</status>
+          <configurationfile>doorman.xml</configurationfile>
+    </package>
   </packages>
     <package>
           <name>hula</name>