-rw-r--r--config/apache_mod_security/apache_mod_security.inc658
-rw-r--r--config/apache_mod_security/apache_mod_security.xml204
-rw-r--r--config/apache_mod_security/apache_mod_security_settings.xml241
-rw-r--r--config/apache_mod_security/apache_mod_security_view_logs.php139
-rw-r--r--config/apcupsd/apcupsd.inc3
-rw-r--r--config/arping/arping.priv.inc37
-rw-r--r--config/arping/arping.xml6
-rw-r--r--config/arpwatch/arpwatch.priv.inc39
-rw-r--r--config/arpwatch/arpwatch.xml14
-rw-r--r--config/asterisk/asterisk.inc287
-rw-r--r--config/asterisk/asterisk.xml90
-rw-r--r--config/asterisk/asterisk_calls.php181
-rw-r--r--config/asterisk/asterisk_cmd.php132
-rw-r--r--config/asterisk/asterisk_edit_file.php425
-rw-r--r--config/asterisk/asterisk_log.php110
-rw-r--r--config/asterisk/pkg_asterisk.inc2
-rw-r--r--config/avahi/avahi.inc135
-rw-r--r--config/avahi/avahi.priv.inc (renamed from config/notes/notes.inc)19
-rw-r--r--config/avahi/avahi.xml217
-rw-r--r--config/backup/backup.inc2
-rw-r--r--config/backup/backup.priv.inc39
-rw-r--r--config/backup/backup.xml6
-rw-r--r--config/bacula-client/bacula-client.inc21
-rw-r--r--config/bacula-client/bacula-client.priv.inc41
-rw-r--r--config/bacula-client/bacula-client.xml12
-rw-r--r--config/bacula-client/bacula-client_view_config.php8
-rw-r--r--config/bandwidthd/bandwidthd.inc29
-rw-r--r--config/bandwidthd/bandwidthd.priv.inc37
-rw-r--r--config/bandwidthd/bandwidthd.xml28
-rw-r--r--config/bind/bind.inc222
-rw-r--r--config/bind/bind.widget.php62
-rw-r--r--config/bind/bind.xml262
-rw-r--r--config/bind/bind_acls.xml91
-rw-r--r--config/bind/bind_sync.xml100
-rw-r--r--config/bind/bind_views.xml117
-rw-r--r--config/bind/bind_zones.xml250
-rw-r--r--config/blinkled8/blinkled.priv.inc37
-rw-r--r--config/blinkled8/blinkled.xml6
-rw-r--r--config/checkmk-agent/checkmk.priv.inc39
-rw-r--r--config/checkmk-agent/checkmk.xml6
-rw-r--r--config/cron/cron.inc1
-rw-r--r--config/cron/cron.priv.inc39
-rw-r--r--config/cron/cron.xml6
-rw-r--r--config/darkstat/darkstat.priv.inc37
-rw-r--r--config/darkstat/darkstat.xml6
-rw-r--r--config/diag_states_pt/diag_new_states.priv.inc37
-rw-r--r--config/diag_states_pt/diag_new_states.xml4
-rw-r--r--config/filemgr/file_manager.php91
-rw-r--r--config/filemgr/filemgr.priv.inc40
-rw-r--r--config/filemgr/filemgr.xml13
-rw-r--r--config/filer/filer.priv.inc40
-rw-r--r--config/filer/filer.xml6
-rw-r--r--config/freeradius2/freeradius.inc4
-rw-r--r--config/ftpproxy/ftpproxy.priv.inc37
-rw-r--r--config/ftpproxy/ftpproxy.xml6
-rw-r--r--config/git/git.xml35
-rw-r--r--config/gwled/gwled.priv.inc (renamed from config/spamd/spamd_rules.php)23
-rw-r--r--config/gwled/gwled.xml6
-rw-r--r--config/haproxy-devel/haproxy.xml2
-rw-r--r--config/haproxy-devel/pkg/haproxy.inc196
-rw-r--r--config/haproxy-devel/pkg/haproxy_htmllist.inc4
-rw-r--r--config/haproxy-devel/www/haproxy_files.php2
-rw-r--r--config/haproxy-devel/www/haproxy_global.php113
-rw-r--r--config/haproxy-devel/www/haproxy_pool_edit.php35
-rw-r--r--config/haproxy-legacy/haproxy.inc2
-rw-r--r--config/haproxy-legacy/haproxy.xml3
-rw-r--r--config/haproxy/haproxy.inc3
-rw-r--r--config/haproxy/haproxy.xml9
-rw-r--r--config/haproxy1_5/pkg/haproxy.inc114
-rw-r--r--config/havp/antivirus.php647
-rw-r--r--config/havp/havp.inc3132
-rw-r--r--config/havp/havp.xml693
-rw-r--r--config/havp/havp_avset.xml259
-rw-r--r--config/havp/havp_fscan.xml136
-rw-r--r--config/havp/havp_log.php93
-rw-r--r--config/iftop/iftop.xml35
-rw-r--r--config/ipguard/ipguard.inc216
-rw-r--r--config/ipguard/ipguard.xml168
-rwxr-xr-xconfig/ipguard/ipguard_sync.xml70
-rw-r--r--config/ipmitool/ipmitool.xml35
-rw-r--r--config/lcdproc-dev/lcdproc.inc10
-rw-r--r--config/notes/notes.xml8
-rw-r--r--config/nrpe2/nrpe2.inc9
-rw-r--r--config/nrpe2/nrpe2.xml1
-rw-r--r--config/ntop2/ntop.xml3
-rw-r--r--config/ntopng/ntopng.inc383
-rw-r--r--config/ntopng/ntopng.xml286
-rw-r--r--config/nut/nut.inc19
-rw-r--r--config/olsrd/olsrd.xml6
-rw-r--r--config/open-vm-tools_2/open-vm-tools.inc6
-rw-r--r--config/openbgpd/openbgpd.inc237
-rw-r--r--config/openbgpd/openbgpd.xml5
-rw-r--r--config/openbgpd/openbgpd_groups.xml84
-rw-r--r--config/openbgpd/openbgpd_neighbors.xml134
-rw-r--r--config/openbgpd/openbgpd_raw.php58
-rw-r--r--config/openbgpd/openbgpd_status.php70
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.inc27
-rwxr-xr-xconfig/openvpn-client-export/openvpn-client-export.xml2
-rw-r--r--config/pfblockerng/countrycodes.tar.bz2bin571736 -> 594089 bytes
-rw-r--r--config/pfblockerng/pfblockerng.inc49
-rw-r--r--config/pfblockerng/pfblockerng.php2
-rw-r--r--config/pfblockerng/pfblockerng.sh19
-rw-r--r--config/pfblockerng/pfblockerng.xml10
-rw-r--r--config/pfblockerng/pfblockerng_alerts.php5
-rw-r--r--config/pfblockerng/pfblockerng_install.inc82
-rw-r--r--config/pfblockerng/pfblockerng_top20.xml11
-rw-r--r--config/pfblockerng/pfblockerng_update.php89
-rw-r--r--config/phpservice/phpservice.inc10
-rw-r--r--config/phpservice/phpservice.xml3
-rwxr-xr-xconfig/postfix/postfix.inc236
-rw-r--r--config/quagga_ospfd/quagga_ospfd.inc133
-rw-r--r--config/quagga_ospfd/status_ospfd.php22
-rw-r--r--config/routed/routed.inc4
-rw-r--r--config/sarg/sarg.inc839
-rw-r--r--config/sarg/sarg.php65
-rw-r--r--config/sarg/sarg.priv.inc2
-rw-r--r--config/sarg/sarg.template178
-rw-r--r--config/sarg/sarg.xml365
-rwxr-xr-xconfig/sarg/sarg_about.php106
-rwxr-xr-xconfig/sarg/sarg_frame.php98
-rwxr-xr-xconfig/sarg/sarg_realtime.php371
-rwxr-xr-xconfig/sarg/sarg_reports.php113
-rw-r--r--config/sarg/sarg_schedule.xml165
-rw-r--r--config/sarg/sarg_sorttable.js653
-rwxr-xr-xconfig/sarg/sarg_sync.xml112
-rw-r--r--config/sarg/sarg_users.xml210
-rw-r--r--config/servicewatchdog/services_servicewatchdog.php13
-rw-r--r--config/servicewatchdog/services_servicewatchdog_add.php7
-rw-r--r--config/servicewatchdog/servicewatchdog.inc28
-rw-r--r--config/servicewatchdog/servicewatchdog.xml33
-rw-r--r--config/servicewatchdog/servicewatchdog_cron.php36
-rw-r--r--config/shellcmd/shellcmd.inc307
-rw-r--r--config/shellcmd/shellcmd.php179
-rw-r--r--config/shellcmd/shellcmd.xml198
-rw-r--r--config/shellcmd/shellcmd_edit.php303
-rw-r--r--config/siproxd/siproxd.inc247
-rw-r--r--config/siproxd/siproxd.xml12
-rw-r--r--config/siproxd/siproxd_registered_phones.php172
-rw-r--r--config/siproxd/siproxdusers.xml12
-rwxr-xr-xconfig/snort/snort.inc20
-rwxr-xr-xconfig/snort/snort.xml2
-rwxr-xr-xconfig/snort/snort_check_for_rule_updates.php17
-rw-r--r--config/snort/snort_defs.inc9
-rw-r--r--config/snort/snort_migrate_config.php4
-rw-r--r--config/snort/snort_passlist.php3
-rw-r--r--config/snort/snort_passlist_edit.php17
-rw-r--r--config/snort/snort_post_install.php4
-rw-r--r--config/softflowd/softflowd.xml8
-rw-r--r--config/spamd/spamd.inc228
-rw-r--r--config/spamd/spamd.xml160
-rw-r--r--config/spamd/spamd_db.php321
-rw-r--r--config/spamd/spamd_db_ext.php229
-rw-r--r--config/spamd/spamd_exchexp.asp50
-rw-r--r--config/spamd/spamd_gather_stats.php85
-rw-r--r--config/spamd/spamd_outlook.xml90
-rw-r--r--config/spamd/spamd_settings.xml219
-rw-r--r--config/spamd/spamd_verify_to_address.php142
-rw-r--r--config/spamd/spamd_whitelist.xml91
-rw-r--r--config/squid/squid.inc111
-rw-r--r--config/squid3/31/squid.inc2
-rwxr-xr-xconfig/squid3/33/squid.inc8
-rwxr-xr-xconfig/squid3/33/squid_antivirus.xml2
-rwxr-xr-xconfig/squid3/33/squid_cache.xml4
-rw-r--r--config/squid3/34/check_ip.php70
-rw-r--r--config/squid3/34/pkg_squid.inc2
-rw-r--r--config/squid3/34/sqpmon.sh62
-rwxr-xr-xconfig/squid3/34/squid.inc1686
-rw-r--r--config/squid3/34/squid.priv.inc63
-rw-r--r--config/squid3/34/squid.xml580
-rwxr-xr-xconfig/squid3/34/squid_antivirus.xml112
-rwxr-xr-xconfig/squid3/34/squid_auth.xml166
-rwxr-xr-xconfig/squid3/34/squid_cache.xml300
-rw-r--r--config/squid3/34/squid_clwarn.php80
-rw-r--r--config/squid3/34/squid_ident.php148
-rwxr-xr-xconfig/squid3/34/squid_log_parser.php44
-rwxr-xr-xconfig/squid3/34/squid_monitor.php175
-rwxr-xr-xconfig/squid3/34/squid_monitor_data.php277
-rwxr-xr-xconfig/squid3/34/squid_nac.xml164
-rwxr-xr-xconfig/squid3/34/squid_reverse.inc144
-rwxr-xr-xconfig/squid3/34/squid_reverse.xml332
-rwxr-xr-xconfig/squid3/34/squid_reverse_general.xml240
-rwxr-xr-xconfig/squid3/34/squid_reverse_peer.xml129
-rwxr-xr-xconfig/squid3/34/squid_reverse_redir.xml133
-rwxr-xr-xconfig/squid3/34/squid_reverse_sync.xml106
-rwxr-xr-xconfig/squid3/34/squid_reverse_uri.xml147
-rwxr-xr-xconfig/squid3/34/squid_sync.xml106
-rwxr-xr-xconfig/squid3/34/squid_traffic.xml151
-rwxr-xr-xconfig/squid3/34/squid_upstream.xml280
-rwxr-xr-xconfig/squid3/34/squid_users.xml77
-rw-r--r--config/squid3/34/swapstate_check.php38
-rw-r--r--config/squidGuard-devel/squidguard_configurator.inc62
-rw-r--r--config/squidGuard/squidguard_configurator.inc62
-rw-r--r--config/sshdcond/sshdcond.inc12
-rw-r--r--config/stunnel/stunnel.inc249
-rw-r--r--config/stunnel/stunnel.xml107
-rw-r--r--config/stunnel/stunnel_certs.xml113
-rw-r--r--config/syslog-ng/syslog-ng.inc71
-rw-r--r--config/systempatches/patches.inc6
-rw-r--r--config/systempatches/systempatches.xml2
-rw-r--r--config/tftp2/tftp.inc4
-rw-r--r--config/tinc/pkg_tinc.inc2
-rw-r--r--config/tinc/status_tinc.php119
-rw-r--r--config/tinc/tinc.inc323
-rw-r--r--config/tinc/tinc.xml340
-rw-r--r--config/tinc/tinc_config.xml215
-rw-r--r--config/tinc/tinc_hosts.xml129
-rw-r--r--config/urlsnarf/urlsnarf.xml35
-rw-r--r--config/vhosts/vhosts.inc8
-rw-r--r--config/vnstat2/vnstat2.inc49
-rw-r--r--config/widget-antivirus/antivirus_status.inc2
-rw-r--r--config/widget-antivirus/antivirus_status.widget.php34
-rw-r--r--config/widget-antivirus/widget-antivirus.inc8
-rw-r--r--config/widget-antivirus/widget-antivirus.xml10
-rw-r--r--config/widget-havp/havp_alerts.inc2
-rw-r--r--config/widget-havp/havp_alerts.inc.php97
-rw-r--r--config/widget-havp/havp_alerts.js103
-rw-r--r--config/widget-havp/havp_alerts.widget.php60
-rw-r--r--config/widget-havp/widget-havp.inc11
-rw-r--r--config/widget-havp/widget-havp.xml78
-rw-r--r--config/zabbix-agent-lts/zabbix-agent-lts.inc273
-rw-r--r--config/zabbix-agent-lts/zabbix-agent-lts.xml142
-rw-r--r--config/zabbix-proxy-lts/zabbix-proxy-lts.inc183
-rw-r--r--config/zabbix-proxy-lts/zabbix-proxy-lts.xml115
-rw-r--r--pkg_config.10.xml127
-rw-r--r--pkg_config.8.xml85
-rw-r--r--pkg_config.8.xml.amd6485
226 files changed, 14645 insertions, 13915 deletions
diff --git a/config/apache_mod_security/apache_mod_security.inc b/config/apache_mod_security/apache_mod_security.inc
index 8bcf3ddd..69cc2126 100644
--- a/config/apache_mod_security/apache_mod_security.inc
+++ b/config/apache_mod_security/apache_mod_security.inc
@@ -1,8 +1,9 @@
<?php
/*
apache_mod_security.inc
- part of apache_mod_security package (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2009, 2010 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,64 +27,31 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once("/etc/inc/pkg-utils.inc");
-// Rules directory location
-define("rules_directory", "/usr/local/apachemodsecurity/rules");
-
-// Ensure NanoBSD can write. pkg_mgr will remount RO
-conf_mount_rw();
-
-// Needed mod_security directories
-if(!is_dir("/usr/local/apachemodsecurity"))
- safe_mkdir("/usr/local/apachemodsecurity");
-if(!is_dir("/usr/local/apachemodsecurity/rules"))
- safe_mkdir("/usr/local/apachemodsecurity/rules");
-
-// Startup function
-function apache_mod_security_start() {
- exec("/usr/local/sbin/httpd -k start");
-}
-
-// Shutdown function
-function apache_mod_security_stop() {
- exec("/usr/local/sbin/httpd -k stop");
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
+ define('APACHEDIR', '/usr/pbi/proxy_mod_security-' . php_uname("m") . "/local");
+} else {
+ define('APACHEDIR', '/usr/local');
}
+define('APACHEVERSION', 'apache22');
-// Restart function
-function apache_mod_security_restart() {
- if(is_process_running("httpd")) {
- exec("/usr/local/sbin/httpd -k graceful");
- } else {
- apache_mod_security_start();
- }
-}
+// Rules directory location
+define('RULES_DIR', '/usr/local/apachemodsecurity/rules');
-// Install function
+// Install package routines
function apache_mod_security_install() {
global $config, $g;
- // We might be reinstalling and a configuration
- // already exists.
+ safe_mkdir("/usr/local/apachemodsecurity/rules");
+ // We might be reinstalling and a configuration already exists.
generate_apache_configuration();
$filename = "apache_mod_security.sh";
+ $start = APACHEDIR . "/sbin/httpd -k start";
+ $stop = APACHEDIR . "/sbin/httpd -k stop";
- $start = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP
- <?php
- require_once(\"functions.inc\");
- require_once(\"/usr/local/pkg/apache_mod_security.inc\");
- apache_mod_security_start();
- ?>
-ENDPHP\n";
-
- $stop = "/usr/local/bin/php -q -d auto_prepend_file=config.inc <<ENDPHP
- <?php
- require_once(\"functions.inc\");
- require_once(\"/usr/local/pkg/apache_mod_security.inc\");
- apache_mod_security_stop();
- ?>
-ENDPHP\n";
-
write_rcfile(array(
"file" => $filename,
"start" => $start,
@@ -94,148 +62,93 @@ ENDPHP\n";
// Deinstall package routines
function apache_mod_security_deinstall() {
+ if (is_dir("/usr/local/apachemodsecurity")) {
+ mwexec("/bin/rm -rf /usr/local/apachemodsecurity");
+ }
+ if (is_dir("/var/db/apachemodsecuritycache")) {
+ mwexec("/bin/rm -rf /var/db/apachemodsecuritycache");
+ }
+}
+
+// Check Apache configuration syntax
+function apache_mod_security_checkconfig() {
global $config, $g;
- apache_mod_security_stop();
- exec("/bin/rm -rf /usr/local/apachemodsecurity");
- exec("/bin/rm -f /usr/local/etc/rc.d/apache_mod_security.sh");
+ $status = mwexec(APACHEDIR . "/sbin/httpd -t");
+ if ($status) {
+ $input_errors[] = "[apache_mod_security]: There was an error parsing the Apache configuration: {$status}";
+ log_error("[apache_mod_security]: There was an error parsing the Apache configuration: {$status}");
+ }
+}
+
+// Restart service function
+function apache_mod_security_restart() {
+ if (is_process_running("httpd")) {
+ mwexec(APACHEDIR . "/sbin/httpd -k graceful");
+ } else {
+ start_service("apache_mod_security");
+ }
}
// Regenerate apache configuration and handle server restart
function apache_mod_security_resync() {
global $config, $g;
- apache_mod_security_install();
- if(!file_exists(rules_directory . "/10_asl_rules.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/10_asl_rules.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/10_asl_rules.conf");
- if(!file_exists(rules_directory . "/a_exclude.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/a_exclude.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/a_exclude.conf");
- if(!file_exists(rules_directory . "/blacklist.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/blacklist.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/blacklist.conf");
- if(!file_exists(rules_directory . "/default.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/rules/default.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/default.conf");
- if(!file_exists(rules_directory . "/recons.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/recons.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/recons.conf");
- if(!file_exists(rules_directory . "/rootkits.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/rootkits.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/rootkits.conf");
- if(!file_exists(rules_directory . "/useragents.conf"))
- exec("/usr/bin/fetch -q -o " . rules_directory . "/useragents.conf https://packages.pfsense.org/packages/config/apache_mod_security/rules/useragents.conf");
+ generate_apache_configuration();
apache_mod_security_checkconfig();
apache_mod_security_restart();
}
-function apache_mod_security_checkconfig() {
- global $config, $g;
- $status = mwexec("/usr/local/sbin/httpd -t");
- if($status) {
- $input_error = "apache_mod_security_package: There was an error parsing the Apache configuration: {$status}";
- log_error("apache_mod_security_package: There was an error parsing the Apache configuration: {$status}");
- }
-}
-
// Generate mod_proxy specific configuration
function generate_apache_configuration() {
- global $config, $g;
- $mod_proxy = "";
+ global $config, $g, $modsec_config;
+ $modsec_config =& $config['installedpackages']['apachemodsecuritysettings']['config'][0];
// Set global site e-mail
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalsiteadminemail']) {
- $global_site_email = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalsiteadminemail'];
- } else {
- $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalsiteadminemail'] = "admin@admin.com";
- $global_site_email = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalsiteadminemail'];
- // update configuration with default value in this case
- write_config($pkg['addedit_string']);
- log_error("WARNING! Global site Administrator E-Mail address has not been set. Defaulting to bogus e-mail address.");
- }
+ $global_site_email = $modsec_config['globalsiteadminemail'] ?: "admin@example.com";
// Set ServerName
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['hostname']) {
- $servername = "ServerName {$config['installedpackages']['apachemodsecuritysettings']['config'][0]['hostname']}\n";
+ if ($modsec_config['hostname']) {
+ $servername = "ServerName {$modsec_config['hostname']}\n";
} else {
- $servername = "ServerName " . `hostname` . "\n";
- $config['installedpackages']['apachemodsecuritysettings']['config'][0]['hostname'] = `hostname`;
- // update configuration with default value in this case
- write_config($pkg['addedit_string']);
+ $servername = "ServerName " . $config['system']['hostname'] . "\n";
}
// Set global listening directive and ensure nothing is listening on this port already
- $globalbind = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoipaddr'];
- $socksstat = split("\n", `/usr/bin/sockstat | awk '{ print $6 }' | grep ":{$globalbind}" | cut -d ":" -f2`);
- if(is_array($socksstat)) {
- foreach($socksstat as $ss) {
- if($ss == $globalbind) {
- $already_binded = true;
- $input_errors[] = "Sorry, there is a process already listening on port {$globalbind}";
- }
- }
+ $global_listen = $modsec_config['globalbindtoipaddr'] ?: "";
+ if ($modsec_config['globalbindtoport']) {
+ $global_listen .= ":" . $modsec_config['globalbindtoport'];
+ } else {
+ $global_listen .= ":80";
}
-// if(!$already_binded) {
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoipaddr']) {
- $global_listen = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoipaddr'];
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoport'])
- $global_listen .= ":" . $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoport'];
- else
- $global_listen .= ":80";
- } else {
- $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoipaddr'] = "";
- $global_listen = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoipaddr'];
- // update configuration with default value in this case
- write_config($pkg['addedit_string']);
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoport'])
- $global_listen .= ":" . $config['installedpackages']['apachemodsecuritysettings']['config'][0]['globalbindtoport'];
- else
- $global_listen .= ":80";
- }
-// } else {
-// log_error("Could not start mod_security + mod_proxy on port {$global_listen}. Process is already bound to this port.");
-// }
-
+
// Setup mem_cache
- if(file_exists("/usr/local/libexec/apache22/mod_mem_cache.so")) {
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache']) {
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache_size'])
- $mcachesize = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_mem_cache_size'];
- else
- $mcachesize = "100";
- //$mem_cache = "MCacheSize $mcachesize\n";
+ if (file_exists(APACHEDIR . "/libexec/" . APACHEVERSION . "/mod_mem_cache.so")) {
+ if ($modsec_config['mod_mem_cache']) {
+ $mcachesize = $modsec_config['mod_mem_cache_size'] ?: "100";
+ $mem_cache = "MCacheSize $mcachesize\n";
}
}
- // CacheRoot Directive
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['mod_disk_cache']) {
+ // Setup mod_disk_cache
+ if ($modsec_config['mod_disk_cache']) {
safe_mkdir("/var/db/apachemodsecuritycache");
$cache_root .= "CacheRoot /var/db/apachemodsecuritycache\n";
+ $dcachemaxfilesize = $modsec_config['mod_disk_cache_max_filesize'] ?: "1000000";
+ $disk_cache = "CacheMaxFileSize $dcachemaxfilesize\n";
}
// SecRequestBodyInMemoryLimit Directive
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodyinmemorylimit'])
- $secrequestbodyinmemorylimit = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodyinmemorylimit'];
- else
- $secrequestbodyinmemorylimit = "131072";
+ $secrequestbodyinmemorylimit = $modsec_config['secrequestbodyinmemorylimit'] ?: "131072";
// SecRequestBodyLimit
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodylimit'])
- $secrequestbodylimit = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secrequestbodylimit'];
- else
- $secrequestbodylimit = "10485760";
+ $secrequestbodylimit = $modsec_config['secrequestbodylimit'] ?: "10485760";
// ErrorDocument
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['errordocument'])
- $errordocument = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['errordocument'];
- else
- $errordocument = "";
+ $errordocument = isset($modsec_config['errordocument_custom']) ? preg_replace("/\r\n/", "\n", base64_decode($modsec_config['errordocument_custom'])) : "";
// SecAuditEngine
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['secauditengine'])
- $secauditengine = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['secauditengine'];
- else
- $secauditengine = "RelevantOnly";
-
- // SecReadStateLimit
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['SecReadStateLimit'])
- $secreadstatelimit = "SecReadStateLimit " . $config['installedpackages']['apachemodsecuritysettings']['config'][0]['SecReadStateLimit'] ."\n";
- else
- $secreadstatelimit = "";
+ $secauditengine = $modsec_config['secauditengine'] ?: "RelevantOnly";
+ $mod_proxy = "";
$mod_proxy .= <<<EOF
# Off when using ProxyPass
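Review bot: `apache_mod_security_checkconfig()` appends to `$input_errors` without declaring it global and returns nothing, so a failed `httpd -t` is logged but, as far as this hunk shows, never reaches the GUI or the caller. `apache_mod_security_resync()` then calls `apache_mod_security_restart()` unconditionally, so a configuration that just failed the syntax check is still handed to `httpd -k graceful` or `start_service()`. Add `global $input_errors;` and `return ($status == 0);` to the checker, and gate the restart with `if (apache_mod_security_checkconfig()) { apache_mod_security_restart(); }`. `mwexec()` returns the exit status, so `{$status}` in the message is only a number rather than httpd's diagnostic. Separately, resync no longer fetches the rule files and install only creates the directory, so unless another part of this commit populates `RULES_DIR`, mod_security can end up enabled with an empty rule set.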
@@ -248,7 +161,7 @@ ProxyRequests off
EOF;
- /*
+ /*
#####################################################
# Format for the Proxy servers:
# Please do not delete these from the source file
@@ -281,36 +194,37 @@ EOF;
$configuredaliases = array();
// Read already configured addresses
- if($config['installedpackages']['apachemodsecuritysettings']['config']['0']) {
- foreach($config['installedpackages']['apachemodsecuritysettings']['config']['0']['row'] as $row) {
+ if ($modsec_config) {
+ foreach ($modsec_config['row'] as $row) {
if ($row['ipaddress'] && $row['ipport']) {
- $configuredaliases[] = $row;
+ $configuredaliases[] = $row;
}
}
- }
+ }
// clear list of bound addresses
- $config['installedpackages']['apachemodsecuritysettings']['config'][0]['row'] = array();
+ $modsec_config['row'] = array();
// Process proxy sites
// Configure NameVirtualHost directives
$aliases = "";
$processed = array();
- if($config['installedpackages']['apachemodsecurity']) {
+ if ($config['installedpackages']['apachemodsecurity']) {
foreach($config['installedpackages']['apachemodsecurity']['config'] as $ams) {
- if($ams['ipaddress'] && $ams['port'])
+ if ($ams['ipaddress'] && $ams['port']) {
$local_ip_port = "{$ams['ipaddress']}:{$ams['port']}";
- else
+ } else {
$local_ip_port = $global_listen;
+ }
// Do not add entries twice.
- if(!in_array($local_ip_port, $processed)) {
+ if (!in_array($local_ip_port, $processed)) {
// explicit bind if not global ip:port
if ($local_ip_port != $global_listen) {
$aliases .= "Listen $local_ip_port\n";
// Automatically add this to configuration
- $config['installedpackages']['apachemodsecuritysettings']['config'][0]['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['port']);
+ $modsec_config['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['port']);
}
$mod_proxy .= "NameVirtualHost $local_ip_port\n";
$processed[] = $local_ip_port;
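Review bot: The guard `if ($modsec_config)` does not establish that `$modsec_config['row']` exists, so `foreach ($modsec_config['row'] as $row)` iterates over null and raises a warning when the settings entry has no bound addresses yet. Test the array itself with `if (is_array($modsec_config['row'])) {`. The same applies to the `foreach` over `$config['installedpackages']['apachemodsecurity']['config']` a few lines below. The enclosing generate_apache_configuration() starts and ends outside this hunk.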
@@ -318,36 +232,34 @@ EOF;
}
}
-//** Uncomment to allow adding ip/ports not used by any site proxies
-//** Otherwise unused addresses/ports will be automatically deleted from the configuration
-// foreach ($configuredaliases as $ams) {
-// $local_ip_port = "{$ams['ipaddress']}:{$ams['ipport']}";
-// if(!in_array($local_ip_port, $processed)) {
-// // explicit bind if not global ip:port
-// if ($local_ip_port != $global_listen) {
-// $aliases .= "Listen $local_ip_port\n";
-// // Automatically add this to configuration
-// $config['installedpackages']['apachemodsecuritysettings']['config'][0]['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['ipport']);
-// }
-// }
-// }
-
- // update configuration with actual ip bindings
- write_config($pkg['addedit_string']);
-
+/* Uncomment to allow adding ip/ports not used by any site proxies */
+/* Otherwise unused addresses/ports will be automatically deleted from the configuration */
+/*
+ foreach ($configuredaliases as $ams) {
+ $local_ip_port = "{$ams['ipaddress']}:{$ams['ipport']}";
+ if (!in_array($local_ip_port, $processed)) {
+ // explicit bind if not global ip:port
+ if ($local_ip_port != $global_listen) {
+ $aliases .= "Listen $local_ip_port\n";
+ // Automatically add this to configuration
+ $modsec_config['row'][] = array('ipaddress' => $ams['ipaddress'], 'ipport' => $ams['ipport']);
+ }
+ }
+ }
+*/
// Setup mod_proxy entries $mod_proxy
- if($config['installedpackages']['apachemodsecurity']) {
- foreach($config['installedpackages']['apachemodsecurity']['config'] as $ams) {
+ if ($config['installedpackages']['apachemodsecurity']) {
+ foreach ($config['installedpackages']['apachemodsecurity']['config'] as $ams) {
// Set rowhelper used variables
$additionalsitehostnames = "";
foreach($ams['row'] as $row) {
if ($row['additionalsitehostnames']) {
$additionalsitehostnames .= "{$row['additionalsitehostnames']} ";
- }
- }
- $backend_sites = "";
- $sslproxyengine = "";
+ }
+ }
+ $backend_sites = "";
+ $sslproxyengine = "";
$backend_sites_count = 0;
$balancer_members = ""; // not technically needed.
foreach($ams['row'] as $row) {
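Review bot: With `write_config()` removed here, the `$modsec_config['row']` list that the previous hunk clears and rebuilds through the `=&` reference is changed only in the in-memory `$config`. If no caller saves the configuration after generate_apache_configuration() returns (not visible in this hunk), the automatically added bindings are either lost or written later as a side effect of an unrelated save. Either state the contract in a comment, e.g. `// $modsec_config is a reference into $config; the caller is expected to write_config()`, or stop mutating `$config` from the generator.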
@@ -360,10 +272,10 @@ EOF;
// Ensure leading http(s)://
$normalised_ipaddr .= "http://";
}
- $normalised_ipaddr .= trim($row['webserveripaddr']);
+ $normalised_ipaddr .= trim($row['webserveripaddr']);
$balancer_members .= " BalancerMember " . $normalised_ipaddr . "\n";
// Ensure trailing /
- if(substr($normalised_ipaddr,-1) != "/") {
+ if (substr($normalised_ipaddr,-1) != "/") {
$normalised_ipaddr .= "/";
}
$backend_sites .= $normalised_ipaddr . " ";
@@ -371,20 +283,23 @@ EOF;
}
}
// Set general items
- if($ams['siteemail'])
+ if ($ams['siteemail']) {
$serveradmin = $ams['siteemail'];
- else
+ } else {
$serveradmin = $global_site_email;
- if($ams['primarysitehostname'])
+ }
+ if ($ams['primarysitehostname']) {
$primarysitehostname = $ams['primarysitehostname'];
- $sitename = str_replace(" ", "", $ams['sitename']);
+ }
+ $sitename = str_replace(" ", "", $ams['sitename']);
// Set local listening directive
- if($ams['ipaddress'] && $ams['port'])
+ if ($ams['ipaddress'] && $ams['port']) {
$local_ip_port = "{$ams['ipaddress']}:{$ams['port']}";
- else
+ } else {
$local_ip_port = $global_listen;
+ }
// Is this item a load balancer
- if($backend_sites_count>1) {
+ if ($backend_sites_count > 1) {
$balancer = true;
$mod_proxy .= "<Proxy balancer://{$sitename}>\n";
$mod_proxy .= $balancer_members;
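Review bot: `$primarysitehostname` is assigned only when the field is set and is never reset inside the `foreach` over sites, so a site without a primary hostname emits the previous site's `ServerName`. The next hunk has the same pattern for `$siteurl`, `$certificatefile`, `$certificatekeyfile` and `$certificatechainfile`, so a later site that leaves those fields empty inherits `SSLEngine on` together with the earlier site's certificate and key. Assign unconditionally, e.g. `$primarysitehostname = $ams['primarysitehostname'];`, or clear these variables at the top of the loop body, which starts outside this hunk.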
@@ -393,63 +308,76 @@ EOF;
$sitename = ""; // we are not using sitename in this case
}
// Set SSL items
- if($ams['siteurl'])
+ if ($ams['siteurl']) {
$siteurl = $ams['siteurl'];
- if($ams['certificatefile'])
+ }
+ if ($ams['certificatefile']) {
$certificatefile = $ams['certificatefile'];
- if($ams['certificatekeyfile'])
+ }
+ if ($ams['certificatekeyfile']) {
$certificatekeyfile = $ams['certificatekeyfile'];
- if($ams['certificatechainfile'])
+ }
+ if ($ams['certificatechainfile']) {
$certificatechainfile = $ams['certificatechainfile'];
+ }
// Begin VirtualHost
$mod_proxy .= "\n<VirtualHost {$local_ip_port}>\n";
- if($siteurl == "HTTPS" && $certificatefile && $certificatekeyfile) {
+ if ($siteurl == "HTTPS" && $certificatefile && $certificatekeyfile) {
$mod_proxy .= " SSLEngine on\n";
- if ($certificatefile)
- $mod_proxy .= " SSLCertificateFile /usr/local/etc/apache22/$certificatefile\n";
- if ($certificatekeyfile)
- $mod_proxy .= " SSLCertificateKeyFile /usr/local/etc/apache22/$certificatekeyfile\n";
- if ($certificatechainfile)
- $mod_proxy .= " SSLCertificateChainFile /usr/local/etc/apache22/$certificatechainfile\n";
+ if ($certificatefile) {
+ $mod_proxy .= " SSLCertificateFile " . APACHEDIR . "/etc/" . APACHEVERSION . "/{$certificatefile}\n";
+ }
+ if ($certificatekeyfile) {
+ $mod_proxy .= " SSLCertificateKeyFile " . APACHEDIR . "/etc/" . APACHEVERSION . "/{$certificatekeyfile}\n";
+ }
+ if ($certificatechainfile) {
+ $mod_proxy .= " SSLCertificateChainFile " . APACHEDIR . "/etc" . APACHEVERSION . "/{$certificatechainfile}\n";
+ }
}
- if($sslproxyengine)
+ if ($sslproxyengine) {
$mod_proxy .= " {$sslproxyengine}\n";
- if($additionalsitehostnames)
- $mod_proxy .= " ServerAlias $additionalsitehostnames\n";
- if($serveradmin)
- $mod_proxy .= " ServerAdmin $serveradmin\n";
- if($primarysitehostname)
- $mod_proxy .= " ServerName $primarysitehostname \n";
- if($backend_sites) {
+ }
+ if ($additionalsitehostnames) {
+ $mod_proxy .= " ServerAlias {$additionalsitehostnames}\n";
+ }
+ if ($serveradmin) {
+ $mod_proxy .= " ServerAdmin {$serveradmin}\n";
+ }
+ if ($primarysitehostname) {
+ $mod_proxy .= " ServerName {$primarysitehostname} \n";
+ }
+ if ($backend_sites) {
$mod_proxy .= " ProxyPassReverse /{$sitename} {$backend_sites}\n";
$mod_proxy .= " ProxyPass / {$backend_sites}\n";
}
- if($ams['preserveproxyhostname'])
+ if ($ams['preserveproxyhostname']) {
$mod_proxy .= " ProxyPreserveHost on\n";
+ }
$mod_proxy .= "</VirtualHost>\n\n";
- // End VirtualHost
+ // End VirtualHost
}
}
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['modsecuritycustom'])
- $mod_security_custom = $config['installedpackages']['apachemodsecuritysettings']['config'][0]['modsecuritycustom'];
-
- // Process and include rules
- if(is_dir(rules_directory)) {
- $mod_security_rules = "";
- $files = return_dir_as_array(rules_directory);
- foreach($files as $file) {
- if(file_exists(rules_directory . "/" . $file)) {
- // XXX: TODO integrate snorts rule on / off thingie
- $file_txt = file_get_contents(rules_directory . "/" . $file);
- $mod_security_rules .= $file_txt . "\n";
+
+ // Mod_security enabled?
+ if ($modsec_config['enablemodsecurity']) {
+
+ // Process and include rules
+ if (is_dir(RULES_DIR)) {
+ $mod_security_rules = "";
+ $files = return_dir_as_array(RULES_DIR);
+ foreach ($files as $file) {
+ if (file_exists(RULES_DIR . "/" . $file)) {
+ // XXX: TODO integrate snorts rule on / off thingie
+ $file_txt = file_get_contents(RULES_DIR . "/" . $file);
+ $mod_security_rules .= $file_txt . "\n";
+ }
}
}
- }
- // Mod_security enabled?
- if($config['installedpackages']['apachemodsecuritysettings']['config'][0]['enablemodsecurity']) {
- $enable_mod_security = true;
+ // Custom mod_security rules
+ $mod_security_custom = isset($modsec_config['modsecuritycustom_adv']) ? preg_replace("/\r\n/", "\n", base64_decode($modsec_config['modsecuritycustom_adv'])) : "";
+
$mod_security = <<< EOF
<IfModule mod_security.c>
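Review bot: The `SSLCertificateChainFile` line builds its path with `APACHEDIR . "/etc" . APACHEVERSION`, without the slash that the `SSLCertificateFile` and `SSLCertificateKeyFile` lines above it have. The directive therefore points at `<APACHEDIR>/etcapache22/<file>`, which is not where the other two files are expected. Change it to `APACHEDIR . "/etc/" . APACHEVERSION . "/{$certificatechainfile}\n"`. A wrong chain path will presumably either fail the `httpd -t` check or leave the site serving an incomplete chain, so confirm with a vhost that has a chain file configured.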
@@ -490,9 +418,6 @@ EOF;
# Only allow bytes from this range
SecFilterForceByteRange 1 255
- # Help prevent the effects of a Slowloris-type of attack
- # $secreadstatelimit
-
# Cookie format checks.
SecFilterCheckCookieFormat On
@@ -511,9 +436,13 @@ EOF;
}
-if(file_exists("/usr/local/libexec/apache22/mod_mem_cache.so"))
- $mod_mem_cacheLoad = "Module mem_cache_module libexec/apache22/mod_mem_cache.so\n";
-
+ // Cannot use constants to replace stuff in the template
+ $apache_dir = APACHEDIR;
+ $apache_version = APACHEVERSION;
+ if (file_exists(APACHEDIR . "/libexec/" . APACHEVERSION . "/mod_mem_cache.so")) {
+ $mod_mem_cache = "LoadModule mem_cache_module libexec/{$apache_version}/mod_mem_cache.so\n";
+ }
+
$apache_config = <<<EOF
##################################################################################
# NOTE: This file was generated by the pfSense package management system. #
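Review bot: `$mod_mem_cache` is assigned only inside the new `file_exists()` branch, but the template interpolates `{$mod_mem_cache}` unconditionally after the LoadModule list. When the module file is absent, the heredoc reads an undefined variable, unless it is initialised earlier in the function, which starts outside this hunk. Set the default before the check so the generated httpd.conf is deterministic: `$mod_mem_cache = "";` directly above the `if (file_exists(...))` line.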
@@ -526,13 +455,13 @@ if(file_exists("/usr/local/libexec/apache22/mod_mem_cache.so"))
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
-# In particular, see
+# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
+# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
@@ -550,14 +479,14 @@ if(file_exists("/usr/local/libexec/apache22/mod_mem_cache.so"))
# at a local disk. If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
-ServerRoot "/usr/local"
+ServerRoot "{$apache_dir}"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
-# Change this to Listen on specific IP addresses as shown below to
+# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
Listen {$global_listen}
@@ -577,67 +506,67 @@ Listen {$global_listen}
#
# have to place corresponding `LoadModule' lines at this location so the
# LoadModule foo_module modules/mod_foo.so
-LoadModule authn_file_module libexec/apache22/mod_authn_file.so
-LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
-LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
-LoadModule authn_default_module libexec/apache22/mod_authn_default.so
-LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so
-LoadModule authz_host_module libexec/apache22/mod_authz_host.so
-LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
-LoadModule authz_user_module libexec/apache22/mod_authz_user.so
-LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
-LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so
-LoadModule authz_default_module libexec/apache22/mod_authz_default.so
-LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
-LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
-LoadModule file_cache_module libexec/apache22/mod_file_cache.so
-LoadModule cache_module libexec/apache22/mod_cache.so
-LoadModule disk_cache_module libexec/apache22/mod_disk_cache.so
-LoadModule dumpio_module libexec/apache22/mod_dumpio.so
-LoadModule include_module libexec/apache22/mod_include.so
-LoadModule filter_module libexec/apache22/mod_filter.so
-LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so
-LoadModule deflate_module libexec/apache22/mod_deflate.so
-LoadModule log_config_module libexec/apache22/mod_log_config.so
-LoadModule logio_module libexec/apache22/mod_logio.so
-LoadModule env_module libexec/apache22/mod_env.so
-LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so
-LoadModule cern_meta_module libexec/apache22/mod_cern_meta.so
-LoadModule expires_module libexec/apache22/mod_expires.so
-LoadModule headers_module libexec/apache22/mod_headers.so
-LoadModule usertrack_module libexec/apache22/mod_usertrack.so
-LoadModule unique_id_module libexec/apache22/mod_unique_id.so
-LoadModule setenvif_module libexec/apache22/mod_setenvif.so
-LoadModule version_module libexec/apache22/mod_version.so
-LoadModule proxy_module libexec/apache22/mod_proxy.so
-LoadModule proxy_connect_module libexec/apache22/mod_proxy_connect.so
-LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so
-LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
-LoadModule proxy_ajp_module libexec/apache22/mod_proxy_ajp.so
-LoadModule proxy_balancer_module libexec/apache22/mod_proxy_balancer.so
-LoadModule ssl_module libexec/apache22/mod_ssl.so
-LoadModule mime_module libexec/apache22/mod_mime.so
-LoadModule status_module libexec/apache22/mod_status.so
-LoadModule autoindex_module libexec/apache22/mod_autoindex.so
-LoadModule asis_module libexec/apache22/mod_asis.so
-LoadModule info_module libexec/apache22/mod_info.so
-LoadModule cgi_module libexec/apache22/mod_cgi.so
-LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so
-LoadModule negotiation_module libexec/apache22/mod_negotiation.so
-LoadModule dir_module libexec/apache22/mod_dir.so
-LoadModule imagemap_module libexec/apache22/mod_imagemap.so
-LoadModule actions_module libexec/apache22/mod_actions.so
-LoadModule speling_module libexec/apache22/mod_speling.so
-LoadModule userdir_module libexec/apache22/mod_userdir.so
-LoadModule alias_module libexec/apache22/mod_alias.so
-LoadModule rewrite_module libexec/apache22/mod_rewrite.so
+LoadModule authn_file_module libexec/{$apache_version}/mod_authn_file.so
+LoadModule authn_dbm_module libexec/{$apache_version}/mod_authn_dbm.so
+LoadModule authn_anon_module libexec/{$apache_version}/mod_authn_anon.so
+LoadModule authn_default_module libexec/{$apache_version}/mod_authn_default.so
+LoadModule authn_alias_module libexec/{$apache_version}/mod_authn_alias.so
+LoadModule authz_host_module libexec/{$apache_version}/mod_authz_host.so
+LoadModule authz_groupfile_module libexec/{$apache_version}/mod_authz_groupfile.so
+LoadModule authz_user_module libexec/{$apache_version}/mod_authz_user.so
+LoadModule authz_dbm_module libexec/{$apache_version}/mod_authz_dbm.so
+LoadModule authz_owner_module libexec/{$apache_version}/mod_authz_owner.so
+LoadModule authz_default_module libexec/{$apache_version}/mod_authz_default.so
+LoadModule auth_basic_module libexec/{$apache_version}/mod_auth_basic.so
+LoadModule auth_digest_module libexec/{$apache_version}/mod_auth_digest.so
+LoadModule file_cache_module libexec/{$apache_version}/mod_file_cache.so
+LoadModule cache_module libexec/{$apache_version}/mod_cache.so
+LoadModule disk_cache_module libexec/{$apache_version}/mod_disk_cache.so
+LoadModule dumpio_module libexec/{$apache_version}/mod_dumpio.so
+LoadModule include_module libexec/{$apache_version}/mod_include.so
+LoadModule filter_module libexec/{$apache_version}/mod_filter.so
+LoadModule charset_lite_module libexec/{$apache_version}/mod_charset_lite.so
+LoadModule deflate_module libexec/{$apache_version}/mod_deflate.so
+LoadModule log_config_module libexec/{$apache_version}/mod_log_config.so
+LoadModule logio_module libexec/{$apache_version}/mod_logio.so
+LoadModule env_module libexec/{$apache_version}/mod_env.so
+LoadModule mime_magic_module libexec/{$apache_version}/mod_mime_magic.so
+LoadModule cern_meta_module libexec/{$apache_version}/mod_cern_meta.so
+LoadModule expires_module libexec/{$apache_version}/mod_expires.so
+LoadModule headers_module libexec/{$apache_version}/mod_headers.so
+LoadModule usertrack_module libexec/{$apache_version}/mod_usertrack.so
+LoadModule unique_id_module libexec/{$apache_version}/mod_unique_id.so
+LoadModule setenvif_module libexec/{$apache_version}/mod_setenvif.so
+LoadModule version_module libexec/{$apache_version}/mod_version.so
+LoadModule proxy_module libexec/{$apache_version}/mod_proxy.so
+LoadModule proxy_connect_module libexec/{$apache_version}/mod_proxy_connect.so
+LoadModule proxy_ftp_module libexec/{$apache_version}/mod_proxy_ftp.so
+LoadModule proxy_http_module libexec/{$apache_version}/mod_proxy_http.so
+LoadModule proxy_ajp_module libexec/{$apache_version}/mod_proxy_ajp.so
+LoadModule proxy_balancer_module libexec/{$apache_version}/mod_proxy_balancer.so
+LoadModule ssl_module libexec/{$apache_version}/mod_ssl.so
+LoadModule mime_module libexec/{$apache_version}/mod_mime.so
+LoadModule status_module libexec/{$apache_version}/mod_status.so
+LoadModule autoindex_module libexec/{$apache_version}/mod_autoindex.so
+LoadModule asis_module libexec/{$apache_version}/mod_asis.so
+LoadModule info_module libexec/{$apache_version}/mod_info.so
+LoadModule cgi_module libexec/{$apache_version}/mod_cgi.so
+LoadModule vhost_alias_module libexec/{$apache_version}/mod_vhost_alias.so
+LoadModule negotiation_module libexec/{$apache_version}/mod_negotiation.so
+LoadModule dir_module libexec/{$apache_version}/mod_dir.so
+LoadModule imagemap_module libexec/{$apache_version}/mod_imagemap.so
+LoadModule actions_module libexec/{$apache_version}/mod_actions.so
+LoadModule speling_module libexec/{$apache_version}/mod_speling.so
+LoadModule userdir_module libexec/{$apache_version}/mod_userdir.so
+LoadModule alias_module libexec/{$apache_version}/mod_alias.so
+LoadModule rewrite_module libexec/{$apache_version}/mod_rewrite.so
{$mod_mem_cache}
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
+# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
@@ -682,15 +611,15 @@ ServerAdmin {$global_site_email}
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
-DocumentRoot "/usr/local/apachemodsecurity"
+DocumentRoot "{$apache_dir}/www/{$apache_version}"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
+# directory (and its subdirectories).
#
-# First, we configure the "default" to be a very restrictive set of
-# features.
+# First, we configure the "default" to be a very restrictive set of
+# features.
#
<Directory />
AllowOverride None
@@ -708,7 +637,7 @@ DocumentRoot "/usr/local/apachemodsecurity"
#
# This should be changed to whatever you set DocumentRoot to.
#
-#<Directory "/usr/local/www/apachemodsecurity/">
+#<Directory "{$apache_dir}/www/apachemodsecurity/">
# #
# # Possible values for the Options directive are "None", "All",
# # or any combination of:
@@ -747,8 +676,8 @@ DocumentRoot "/usr/local/apachemodsecurity"
#</IfModule>
#
#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
#
#<FilesMatch "^\.ht">
# Order allow,deny
@@ -803,8 +732,8 @@ LogLevel warn
#<IfModule alias_module>
# #
-# # Redirect: Allows you to tell clients about documents that used to
-# # exist in your server's namespace, but do not anymore. The client
+# # Redirect: Allows you to tell clients about documents that used to
+# # exist in your server's namespace, but do not anymore. The client
# # will make a new request for the document at its new location.
# # Example:
# # Redirect permanent /foo http://www.example.com/bar
@@ -821,14 +750,14 @@ LogLevel warn
# # the filesystem path.
#
# #
-# # ScriptAlias: This controls which directories contain server scripts.
+# # ScriptAlias: This controls which directories contain server scripts.
# # ScriptAliases are essentially the same as Aliases, except that
# # documents in the target directory are treated as applications and
# # run by the server when requested rather than as documents sent to the
# # client. The same rules about trailing "/" apply to ScriptAlias
# # directives as to Alias.
# #
-# ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"
+# ScriptAlias /cgi-bin/ "{$apache_dir}/www/{$apache_version}/cgi-bin/"
#
#</IfModule>
@@ -844,7 +773,7 @@ LogLevel warn
# "/usr/local/www/apache22/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
-#<Directory "/usr/local/www/apache22/cgi-bin">
+#<Directory "{$apache_dir}/www/{$apache_version}/cgi-bin">
# AllowOverride None
# Options None
# Order allow,deny
@@ -867,7 +796,7 @@ DefaultType text/plainm
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
- TypesConfig etc/apache22/mime.types
+ TypesConfig etc/{$apache_version}/mime.types
#
# AddType allows you to add to or override the MIME configuration
@@ -915,7 +844,7 @@ DefaultType text/plainm
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
-#MIMEMagicFile etc/apache22/magic
+#MIMEMagicFile etc/{$apache_version}/magic
#
# Customizable error responses come in three flavors:
@@ -932,10 +861,10 @@ DefaultType text/plainm
#
#
-# EnableMMAP and EnableSendfile: On systems that support it,
+# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files. This usually improves server performance, but must
-# be turned off when serving from networked-mounted
+# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
@@ -944,43 +873,43 @@ DefaultType text/plainm
# Supplemental configuration
#
-# The configuration files in the etc/apache22/extra/ directory can be
-# included to add extra features or to modify the default configuration of
-# the server, or you may simply copy their contents here and change as
+# The configuration files in the etc/{$apache_version}/extra/ directory can be
+# included to add extra features or to modify the default configuration of
+# the server, or you may simply copy their contents here and change as
# necessary.
# Server-pool management (MPM specific)
-#Include etc/apache22/extra/httpd-mpm.conf
+#Include etc/{$apache_version}/extra/httpd-mpm.conf
# Multi-language error messages
-#Include etc/apache22/extra/httpd-multilang-errordoc.conf
+#Include etc/{$apache_version}/extra/httpd-multilang-errordoc.conf
# Fancy directory listings
-#Include etc/apache22/extra/httpd-autoindex.conf
+#Include etc/{$apache_version}/extra/httpd-autoindex.conf
# Language settings
-#Include etc/apache22/extra/httpd-languages.conf
+#Include etc/{$apache_version}/extra/httpd-languages.conf
# User home directories
-#Include etc/apache22/extra/httpd-userdir.conf
+#Include etc/{$apache_version}/extra/httpd-userdir.conf
# Real-time info on requests and configuration
-#Include etc/apache22/extra/httpd-info.conf
+#Include etc/{$apache_version}/extra/httpd-info.conf
# Virtual hosts
-#Include etc/apache22/extra/httpd-vhosts.conf
+#Include etc/{$apache_version}/extra/httpd-vhosts.conf
# Local access to the Apache HTTP Server Manual
-#Include etc/apache22/extra/httpd-manual.conf
+#Include etc/{$apache_version}/extra/httpd-manual.conf
# Distributed authoring and versioning (WebDAV)
-#Include etc/apache22/extra/httpd-dav.conf
+#Include etc/{$apache_version}/extra/httpd-dav.conf
# Various default settings
-#Include etc/apache22/extra/httpd-default.conf
+#Include etc/{$apache_version}/extra/httpd-default.conf
# Secure (SSL/TLS) connections
-#Include etc/apache22/extra/httpd-ssl.conf
+#Include etc/{$apache_version}/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
@@ -993,6 +922,7 @@ SSLRandomSeed connect builtin
# Cache settings
{$mem_cache}
+{$disk_cache}
{$cache_root}
# Mod security
@@ -1002,16 +932,13 @@ SSLRandomSeed connect builtin
{$mod_proxy}
# Include anything else
-Include etc/apache22/Includes/*.conf
+Include etc/{$apache_version}/Includes/*.conf
EOF;
- if (!is_dir('/usr/local/etc/apache22')) {
- mkdir('/usr/local/etc/apache22', 0775, true);
- }
- $fd = fopen("/usr/local/etc/apache22/httpd.conf", "w");
- if(!$fd) {
+
+ $fd = fopen(APACHEDIR . "/etc/". APACHEVERSION . "/httpd.conf", "w");
+ if (!$fd) {
$error_text = "Could not open httpd.conf for writing!";
- echo $error_text;
log_error($error_text);
exit;
}
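Review bot: With the `is_dir()`/`mkdir()` guard removed, `fopen()` succeeds only if `APACHEDIR/etc/APACHEVERSION` already exists. If the install hook (not visible in this hunk) does not create that directory, every resync ends at `exit`, and with the `echo` gone the GUI request terminates with no message to the user. Consider keeping the guard with the new constants, `if (!is_dir(APACHEDIR . "/etc/" . APACHEVERSION)) { mkdir(APACHEDIR . "/etc/" . APACHEVERSION, 0755, true); }`, using 0755 rather than the old 0775 so the config directory is not group-writable. Replacing `exit;` with `return;` would let the caller report the failure instead of aborting the page. The enclosing function starts outside this hunk.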
@@ -1019,4 +946,65 @@ EOF;
fclose($fd);
}
+function apache_mod_security_upgrade_config() {
+ global $config, $modsec_config;
+ $modsec_config =& $config['installedpackages']['apachemodsecuritysettings']['config'][0];
+ $changes = 0;
+ if (!is_array($modsec_config)) {
+ $modsec_config = array();
+ }
+ if (isset($modsec_config['modsecuritycustom'])) {
+ $modsec_config['modsecuritycustom_adv'] = base64_encode($modsec_config['modsecuritycustom']);
+ unset($modsec_config['modsecuritycustom']);
+ $changes++;
+ }
+ if (isset($modsec_config['errordocument'])) {
+ $modsec_config['errordocument_custom'] = base64_encode($modsec_config['errordocument']);
+ unset($modsec_config['errordocument']);
+ $changes++;
+ }
+ if ($changes > 0 ) {
+ write_config("[apache_mod_security] Upgraded old package configuration.");
+ }
+}
+
+function apache_mod_security_validate_input($post, &$input_errors) {
+ if (!empty($post['hostname'])) {
+ if (!is_hostname($post['hostname'])) {
+ $input_errors[] = "'Server Hostname' must be either empty, or a valid hostname.";
+ }
+ }
+ if (!empty($post['globalbindtoipaddr'])) {
+ if (!is_ipaddr($post['globalbindtoipaddr'])) {
+ $input_errors[] = "'Default Bind to IP Address' must be either empty, or a valid IP address.";
+ }
+ }
+ if (!empty($post['globalbindtoport'])) {
+ if (!is_port($post['globalbindtoport'])) {
+ $input_errors[] = "'Default Bind to Port' must be either empty, or a valid port.";
+ }
+ }
+ if (!empty($post['mod_mem_cache_size'])) {
+ if (!is_numericint($post['mod_mem_cache_size'])) {
+ $input_errors[] = "'mod_mem_cache Memory Usage' must be either empty, or a non-negative integer.";
+ }
+ }
+ if (!empty($post['mod_disk_cache_max_filesize'])) {
+ if (!is_numericint($post['mod_disk_cache_max_filesize'])) {
+ $input_errors[] = "'mod_disk_cache CacheMaxFileSize' must be either empty, or a non-negative integer.";
+ }
+ }
+ if (!empty($post['SecRequestBodyInMemoryLimit'])) {
+ if (!is_numericint($post['SecRequestBodyInMemoryLimit'])) {
+ $input_errors[] = "'SecRequestBodyInMemoryLimit' must be either empty, or a non-negative integer.";
+ }
+ }
+ if (!empty($post['SecRequestBodyLimit'])) {
+ if (!is_numericint($post['SecRequestBodyLimit'])) {
+ $input_errors[] = "'SecRequestBodyLimit' must be either empty, or a non-negative integer.";
+ }
+ }
+
+}
+
?>
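Review bot: `apache_mod_security_validate_input()` checks only settings-page fields (`hostname`, `globalbindtoipaddr`, the cache and body-limit sizes), yet this commit also wires it as the validation command for the Site Proxies form in apache_mod_security.xml. That form's fields (`sitename`, `siteemail`, `primarysitehostname`, the backend URL and additional-hostname rows) therefore reach the config generator unvalidated. They are interpolated directly into `ServerName`, `ServerAdmin`, `ServerAlias` and `ProxyPass` lines earlier in this file, so a malformed value or an embedded line break produces a broken or unintended httpd.conf. Add checks for the site form along the lines below. The rowhelper fields presumably arrive with a numeric suffix and need the same treatment, and the certificate file fields should be confirmed against how the generator uses them.

```php
function apache_mod_security_validate_input($post, &$input_errors) {
	// … unchanged: checks for the settings-page fields …

	// Site Proxies form: these values are written into httpd.conf directives
	if (!empty($post['primarysitehostname']) && !is_hostname($post['primarysitehostname'])) {
		$input_errors[] = "'Primary Site Hostname' must be either empty, or a valid hostname.";
	}
	if (!empty($post['siteemail']) && filter_var($post['siteemail'], FILTER_VALIDATE_EMAIL) === false) {
		$input_errors[] = "'Site Webmaster E-Mail Address' must be either empty, or a valid e-mail address.";
	}
	foreach (array('sitename', 'certificatefile', 'certificatekeyfile', 'certificatechainfile') as $field) {
		if (isset($post[$field]) && preg_match('/[\r\n]/', $post[$field])) {
			$input_errors[] = "'{$field}' must not contain line breaks.";
		}
	}
	// … rowhelper rows (backend URLs, additional hostnames): validate each row the same way …
```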
diff --git a/config/apache_mod_security/apache_mod_security.xml b/config/apache_mod_security/apache_mod_security.xml
index 0b973689..ee8c7fbb 100644
--- a/config/apache_mod_security/apache_mod_security.xml
+++ b/config/apache_mod_security/apache_mod_security.xml
@@ -1,76 +1,111 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
- /* $Id$ */
- /* ========================================================================== */
- /*
- apache_mod_security.xml
- part of apache_mod_security package (http://www.pfSense.com)
- Copyright (C)2009, 2010 Scott Ullrich
- All rights reserved.
- */
- /* ========================================================================== */
- /*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ <copyright>
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
+/*
+ apache_mod_security.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009, 2010 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
- /* ========================================================================== */
- ]]>
- </copyright>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>apache_mod_security</name>
- <version>1.0</version>
+ <version>0.1.8</version>
<title>Services: Mod_Security+Apache+Proxy: Site Proxies</title>
+ <include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
<menu>
<name>Mod_Security+Apache+Proxy</name>
<tooltiptext></tooltiptext>
<section>Services</section>
<configfile>apache_mod_security.xml</configfile>
</menu>
+ <service>
+ <name>apache_mod_security</name>
+ <rcfile>apache_mod_security.sh</rcfile>
+ <executable>httpd</executable>
+ <description>HTTP Daemon with mod_security</description>
+ </service>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_settings.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security_view_logs.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/10_asl_rules.conf</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/a_exclude.conf</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/blacklist.conf</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/default.conf</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/recons.conf</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/rootkits.conf</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/apachemodsecurity/rules</prefix>
+ <item>https://packages.pfsense.org/packages/config/apache_mod_security/rules/useragents.conf</item>
+ </additional_files_needed>
<tabs>
<tab>
<text>Proxy Server Settings</text>
- <url>/pkg_edit.php?xml=apache_mod_security_settings.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url>
</tab>
<tab>
<text>Site Proxies</text>
<url>/pkg.php?xml=apache_mod_security.xml</url>
- <active/>
+ <active/>
</tab>
<tab>
<text>Logs</text>
@@ -79,7 +114,7 @@
</tabs>
<adddeleteeditpagefields>
<columnitem>
- <fielddescr>Site name</fielddescr>
+ <fielddescr>Site Name</fielddescr>
<fieldname>sitename</fieldname>
</columnitem>
<columnitem>
@@ -89,21 +124,21 @@
</adddeleteeditpagefields>
<fields>
<field>
- <fielddescr>Site name</fielddescr>
+ <fielddescr>Site Name</fielddescr>
<fieldname>sitename</fieldname>
<description>
<![CDATA[
- Enter a short descriptive name for the site. (e.g. intranet)
+ Enter a short descriptive name for the site. (e.g. intranet)
]]>
</description>
<type>input</type>
</field>
<field>
- <fielddescr>Site Webmaster E-Mail address</fielddescr>
+ <fielddescr>Site Webmaster E-Mail Address</fielddescr>
<fieldname>siteemail</fieldname>
<description>
<![CDATA[
- Enter the Webmaster E-Mail address for this site.
+ Enter the Webmaster E-Mail address for this site.
]]>
</description>
<type>input</type>
@@ -113,10 +148,10 @@
<fieldname>siteurl</fieldname>
<description></description>
<size>1</size>
- <type>select</type>
+ <type>select</type>
<options>
- <option><name>HTTP</name><value>HTTP</value></option>
- <option><name>HTTPS</name><value>HTTPS</value></option>
+ <option><name>HTTP</name><value>HTTP</value></option>
+ <option><name>HTTPS</name><value>HTTPS</value></option>
</options>
</field>
<field>
@@ -138,8 +173,8 @@
<fieldname>certificatefile</fieldname>
<description>
<![CDATA[
- Name of certificate file under /usr/local/apache22/etc/<br/>
- (required if Protocol is https)
+ Name of certificate file under /usr/local/apache22/etc/<br />
+ (Required if 'Protocol' is HTTPS.)
]]>
</description>
<size>40</size>
@@ -150,8 +185,8 @@
<fieldname>certificatekeyfile</fieldname>
<description>
<![CDATA[
- Name of certificate key file under /usr/local/apache22/etc/<br/>
- (required if Protocol is https)
+ Name of certificate key file under /usr/local/apache22/etc/<br />
+ (Required if 'Protocol' is HTTPS.)
]]>
</description>
<size>40</size>
@@ -162,30 +197,30 @@
<fieldname>certificatechainfile</fieldname>
<description>
<![CDATA[
- Name of certificate chain file under /usr/local/apache22/etc/<br/>
- (not required)
- ]]>
+ Name of certificate chain file under /usr/local/apache22/etc/<br />
+ (Not required.)
+ ]]>
</description>
<size>40</size>
<type>input</type>
</field>
<field>
- <fielddescr>Preserve Proxy hostname</fielddescr>
+ <fielddescr>Preserve Proxy Hostname</fielddescr>
<fieldname>preserveproxyhostname</fieldname>
<description>
<![CDATA[
- When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.
+ When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the backend IP address.
]]>
</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Primary site hostname</fielddescr>
+ <fielddescr>Primary Site Hostname</fielddescr>
<fieldname>primarysitehostname</fieldname>
<description>
<![CDATA[
- Enter the primary hostname (FQDN) for this website (e.g. www.example.com)<br/>
- Leave blank and define the IP Address / port above for IP site proxy (i.e. not named site proxy)
+ Enter the primary hostname (FQDN) for this website (e.g. www.example.com).<br />
+ Leave blank and define the IP Address / Port above for IP site proxy (i.e. not named site proxy).
]]>
</description>
<size>40</size>
@@ -194,37 +229,40 @@
<field>
<fielddescr>
<![CDATA[
- Backend Web Servers and Additional Site Hostnames
+ Backend Web Servers and Additional Site Hostnames
]]>
</fielddescr>
<fieldname>additionalparameters</fieldname>
- <type>rowhelper</type>
- <rowhelper>
+ <type>rowhelper</type>
+ <rowhelper>
<rowhelperfield>
- <fielddescr>Web server backend URLs</fielddescr>
- <fieldname>webserveripaddr</fieldname>
- <description>Add each web server IP address here.</description>
- <type>input</type>
- <size>40</size>
+ <fielddescr>Web Server Backend URLs</fielddescr>
+ <fieldname>webserveripaddr</fieldname>
+ <description>Add each web server IP address here.</description>
+ <type>input</type>
+ <size>40</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Additional Site Hostnames (not required)</fielddescr>
- <fieldname>additionalsitehostnames</fieldname>
- <description>Add each webserver hostname address here.</description>
- <type>input</type>
- <size>40</size>
+ <fielddescr>Additional Site Hostnames (Optional)</fielddescr>
+ <fieldname>additionalsitehostnames</fieldname>
+ <description>Add each webserver hostname address here.</description>
+ <type>input</type>
+ <size>40</size>
</rowhelperfield>
- </rowhelper>
+ </rowhelper>
</field>
</fields>
- <service>
- <name>apache_mod_security</name>
- <rcfile>apache_mod_security.sh</rcfile>
- <executable>httpd</executable>
- <description>HTTP Daemon with mod_security</description>
- </service>
+ <custom_php_install_command>
+ apache_mod_security_install();
+ apache_mod_security_upgrade_config();
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
+ apache_mod_security_deinstall();
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
apache_mod_security_resync();
</custom_php_resync_config_command>
- <include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+ <custom_php_validation_command>
+ apache_mod_security_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
+</packagegui>
diff --git a/config/apache_mod_security/apache_mod_security_settings.xml b/config/apache_mod_security/apache_mod_security_settings.xml
index 479e7509..c5f1da5c 100644
--- a/config/apache_mod_security/apache_mod_security_settings.xml
+++ b/config/apache_mod_security/apache_mod_security_settings.xml
@@ -1,52 +1,57 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- apache_mod_security_settings.xml
- part of apache_mod_security package (http://www.pfSense.com)
- Copyright (C) 2008, 2009, 2010 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ apache_mod_security_settings.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008-2010 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>apache_mod_security_settings</name>
- <version>1.0</version>
+ <version>0.1.8</version>
<title>Services: Mod_Security+Apache+Proxy: Settings</title>
- <aftersaveredirect>pkg_edit.php?xml=apache_mod_security_settings.xml&amp;id=0</aftersaveredirect>
+ <include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
+ <aftersaveredirect>pkg_edit.php?xml=apache_mod_security_settings.xml</aftersaveredirect>
+ <advanced_options>enabled</advanced_options>
<tabs>
<tab>
<text>Proxy Server Settings</text>
- <url>/pkg_edit.php?xml=apache_mod_security_settings.xml&amp;id=0</url>
- <active/>
+ <url>/pkg_edit.php?xml=apache_mod_security_settings.xml</url>
+ <active/>
</tab>
<tab>
<text>Site Proxies</text>
@@ -59,19 +64,23 @@
</tabs>
<fields>
<field>
- <fielddescr>Global site E-mail administrator</fielddescr>
+ <name>General Proxy Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Global Site Administrator E-Mail Address</fielddescr>
<fieldname>globalsiteadminemail</fieldname>
- <description>Enter the site administrators e-mail address</description>
+ <description>Enter the e-mail address of the global site administrator.</description>
<type>input</type>
+ <default_value>admin@example.com</default_value>
</field>
<field>
- <fielddescr>Server hostname</fielddescr>
+ <fielddescr>Server Hostname</fielddescr>
<fieldname>hostname</fieldname>
<description>
<![CDATA[
- Enter the servers hostname
- <br/>
- NOTE: Leave blank to use this devices hostname.
+ Enter the server's hostname.<br />
+ NOTE: Leave blank to use the hostname of this device.
]]>
</description>
<type>input</type>
@@ -81,47 +90,43 @@
<fieldname>globalbindtoipaddr</fieldname>
<description>
<![CDATA[
- This is the IP address the Proxy Server will listen on.
- <br/>
- NOTE: Leave blank to bind to *
+ This is the IP address the Proxy Server will listen on.<br />
+ NOTE: Leave blank to bind to * (any).
]]>
</description>
<type>input</type>
</field>
<field>
- <fielddescr>Default Bind to port</fielddescr>
+ <fielddescr>Default Bind to Port</fielddescr>
<fieldname>globalbindtoport</fieldname>
<description>
<![CDATA[
- This is the port the Proxy Server will listen on.
- <br/>
- NOTE: Leave blank to bind to 80
- ]]>
+ This is the port the Proxy Server will listen on.<br />
+ NOTE: Leaving this blank will bind to default port 80.
+ ]]>
</description>
<type>input</type>
+ <default_value>80</default_value>
</field>
<field>
<fielddescr>
<![CDATA[
- Additional Addresses<br/>
- Do not edit. This field will be automatically populated from Site Proxies settings.
+ Additional Addresses<br />
+ <strong>DO NOT EDIT!</strong> This field will be automatically populated from Site Proxies settings.
]]>
</fielddescr>
<fieldname>additionaladdresses</fieldname>
- <description></description>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>IP Address</fielddescr>
<fieldname>ipaddress</fieldname>
- <description></description>
<type>input</type>
<size>45</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Port</fielddescr>
<fieldname>ipport</fieldname>
- <description></description>
<type>input</type>
<size>10</size>
</rowhelperfield>
@@ -132,99 +137,133 @@
<fieldname>mod_mem_cache</fieldname>
<description>
<![CDATA[
- Enables mod_mem_cache which stores cached documents in memory.
- ]]>
+ Enables mod_mem_cache which stores cached documents in memory.
+ ]]>
</description>
<type>checkbox</type>
+ <enablefields>mod_mem_cache_size</enablefields>
</field>
<field>
- <fielddescr>mod_mem_cache memory usage</fielddescr>
+ <fielddescr>mod_mem_cache Memory Usage</fielddescr>
<fieldname>mod_mem_cache_size</fieldname>
<description>
<![CDATA[
- Sets the memory usage in megabytes.
- ]]>
+ The maximum amount of memory used by mod_mem_cache in KBytes. (Default: 100)
+ ]]>
</description>
<type>input</type>
+ <default_value>100</default_value>
</field>
<field>
<fielddescr>Use mod_disk_cache</fielddescr>
<fieldname>mod_disk_cache</fieldname>
<description>
<![CDATA[
- mod_disk_cache implements a disk based storage manager. It is primarily of use in conjunction with mod_cache.
- ]]>
+ mod_disk_cache implements a disk based storage manager. It is primarily of use in conjunction with mod_cache.
+ ]]>
</description>
<type>checkbox</type>
+ <enablefields>mod_disk_cache_max_filesize</enablefields>
</field>
<field>
- <fielddescr>mod_disk_cache memory usage</fielddescr>
- <fieldname>mod_disk_cache_size</fieldname>
+ <fielddescr>mod_disk_cache CacheMaxFileSize</fielddescr>
+ <fieldname>mod_disk_cache_max_filesize</fieldname>
<description>
<![CDATA[
- Sets the memory usage in Kbytes.
- ]]>
+ The maximum size (in bytes) of a document to be placed in the cache. (Default: 1000000)
+ ]]>
</description>
<type>input</type>
+ <default_value>1000000</default_value>
</field>
<field>
- <fielddescr>Limits number of POSTS accepted from same IP address</fielddescr>
- <fieldname>SecReadStateLimit</fieldname>
- <description>
- <![CDATA[
- Help prevent the effects of a Slowloris-type of attack. More information about this attack can be found here: http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html
- ]]>
- </description>
- <type>input</type>
+ <name>mod_security Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable mod_security Protection</fielddescr>
+ <fieldname>enablemodsecurity</fieldname>
+ <description>Enables mod_security protection for all sites being proxied.</description>
+ <type>checkbox</type>
+ <enablefields>secrequestbodyinmemorylimit,secrequestbodylimit</enablefields>
</field>
<field>
- <fielddescr>Configures the maximum request body size ModSecurity will store in memory.</fielddescr>
+ <fielddescr>SecRequestBodyInMemoryLimit</fielddescr>
<fieldname>secrequestbodyinmemorylimit</fieldname>
- <description>Configures the maximum request body size ModSecurity will store in memory.</description>
+ <description>
+ <![CDATA[
+ Configures the maximum request body size (in bytes) ModSecurity will store in memory. (Default: 131072)
+ ]]>
+ </description>
<type>input</type>
+ <default_value>131072</default_value>
</field>
<field>
- <fielddescr>Configures the maximum request body size ModSecurity will accept for buffering.</fielddescr>
+ <fielddescr>SecRequestBodyLimit</fielddescr>
<fieldname>secrequestbodylimit</fieldname>
- <description>Configures the maximum request body size ModSecurity will accept for buffering.</description>
+ <description>
+ <![CDATA[
+ Configures the maximum request body size (in bytes) ModSecurity will accept for buffering. Default: 10485760)
+ ]]>
+ </description>
<type>input</type>
+ <default_value>10485760</default_value>
</field>
<field>
- <fielddescr>Enable mod_security protection</fielddescr>
- <fieldname>enablemodsecurity</fieldname>
- <description>Enables mod_security protection for all sites being proxied</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Configures the audit logging engine.</fielddescr>
+ <fielddescr>SecAuditEngine</fielddescr>
<fieldname>secauditengine</fieldname>
- <description>Configures the audit logging engine.</description>
- <type>select</type>
+ <description>
+ <![CDATA[
+ Configures the audit logging engine.<br /><br />
+ <strong>On:</strong> Log all transactions.<br />
+ <strong>Off:</strong> Do not log any transactions.<br />
+ <strong>RelevantOnly:</strong> Only the log transactions that have triggered a warning or an error, or have a status code that is considered to be relevant.
+ ]]>
+ </description>
+ <type>select</type>
<options>
- <option><name>RelevantOnly</name><value>RelevantOnly</value></option>
- <option><name>All</name><value>On</value></option>
- <option><name>Off</name><value>Off</value></option>
+ <option><name>RelevantOnly</name><value>RelevantOnly</value></option>
+ <option><name>All</name><value>On</value></option>
+ <option><name>Off</name><value>Off</value></option>
</options>
</field>
<field>
<fielddescr>Custom mod_security ErrorDocument</fielddescr>
- <fieldname>errordocument</fieldname>
- <description></description>
+ <fieldname>errordocument_custom</fieldname>
<type>textarea</type>
- <rows>10</rows>
- <cols>75</cols>
+ <rows>10</rows>
+ <cols>75</cols>
+ <description>
+ <![CDATA[
+ See <a href="http://httpd.apache.org/docs/2.2/mod/core.html#errordocument">Apache Core Features - ErrorDocument Directive</a> for documentation.<br /><br />
+ Example:<br />
+ ErrorDocument 403 "Sorry, can't allow you access today"<br />
+ ErrorDocument 404 http://banned.example.com/notfound.php<br />
+ ErrorDocument 500 /denied.html
+ ]]>
+ </description>
+ <encoding>base64</encoding>
</field>
<field>
- <fielddescr>Custom mod_security rules</fielddescr>
- <fieldname>modsecuritycustom</fieldname>
- <description>Paste any custom mod_security rules that you would like to use</description>
+ <fielddescr>Custom mod_security Rules</fielddescr>
+ <fieldname>modsecuritycustom_adv</fieldname>
+ <description>
+ <![CDATA[
+ Paste any custom mod_security rules that you would like to use.<br />
+ See <a href="https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual">ModSecurity Reference Manual</a>.
+ ]]>
+ </description>
<type>textarea</type>
- <rows>10</rows>
- <cols>75</cols>
+ <rows>10</rows>
+ <cols>75</cols>
+ <encoding>base64</encoding>
+ <advancedfield/>
</field>
</fields>
<custom_php_resync_config_command>
apache_mod_security_resync();
</custom_php_resync_config_command>
- <include_file>/usr/local/pkg/apache_mod_security.inc</include_file>
-</packagegui> \ No newline at end of file
+ <custom_php_validation_command>
+ apache_mod_security_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
+</packagegui>
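Review bot: Three stored fields are renamed in this hunk (`mod_disk_cache_size` to `mod_disk_cache_max_filesize`, `errordocument` to `errordocument_custom`, `modsecuritycustom` to `modsecuritycustom_adv`), and the last two gain `<encoding>base64</encoding>`, so values saved under the old names will not be read back unless they are migrated. For `modsecuritycustom` that would mean an administrator's custom rules silently stop being applied after the upgrade. `apache_mod_security_upgrade_config()` is called from the install command of apache_mod_security.xml, but its body is outside this hunk, so please confirm it copies and base64-encodes the old values. The `SecReadStateLimit` field is also dropped with no replacement; if the generated configuration no longer emits that directive, the commit message should say so. Separately, the SecRequestBodyLimit description is missing its opening parenthesis: `... will accept for buffering. (Default: 10485760)`.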
diff --git a/config/apache_mod_security/apache_mod_security_view_logs.php b/config/apache_mod_security/apache_mod_security_view_logs.php
index b2e60320..2fbcdcaa 100644
--- a/config/apache_mod_security/apache_mod_security_view_logs.php
+++ b/config/apache_mod_security/apache_mod_security_view_logs.php
@@ -1,9 +1,9 @@
<?php
-/* $Id$ */
/*
apache_mod_security_view_logs.php
- part of pfSense (https://www.pfsense.org/)
- Copyright (C) 2009, 2010 Scott Ullrich <sullrich@gmail.com>
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009, 2010 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,31 +27,33 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
-require("guiconfig.inc");
+require_once("guiconfig.inc");
+require_once("util.inc");
+require_once("/usr/local/pkg/apache_mod_security.inc");
if($_REQUEST['getactivity']) {
- if($_REQUEST['logtype'] == "error")
- $apachelogs = `cat /var/log/httpd-error.log`;
- else
- $apachelogs = `cat /var/log/httpd-access.log`;
- echo "</pre><h1>Apache+Mod_Security_Proxy Server logs as of " . date("D M j G:i:s T Y") . "</h1><pre>\n\n";
+ if ($_REQUEST['logtype'] == "error") {
+ $apachelogs = shell_exec("/bin/cat /var/log/httpd-error.log");
+ $logtype = "Error";
+ } else {
+ $apachelogs = shell_exec("/bin/cat /var/log/httpd-access.log");
+ $logtype = "Access";
+ }
+ echo "</pre><h2>Apache+Mod_Security_Proxy Server {$logtype} Logs as of " . date("D M j G:i:s T Y") . "</h2><pre>\n\n";
echo $apachelogs;
exit;
}
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version < 2.0)
- $one_two = true;
+if ($_POST['clear']) {
+ unlink_if_exists("/var/log/httpd-error.log");
+ unlink_if_exists("/var/log/httpd-access.log");
+ apache_mod_security_restart();
+}
+$closehead = false;
$pgtitle = "Services: Mod_Security+Apache+Proxy: Logs";
include("head.inc");
-
-/* XXX */
-if ($_POST['clear']) { }
-
?>
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<style type='text/css'>
pre {
overflow-x: auto; /* Use horizontal scroller if needed; for Firefox 2, not needed in Firefox 3 */
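Review bot: `echo $apachelogs;` sends raw log content to the browser, and the client script assigns the response to `innerHTML` (`activitycallback` in the next hunk), so any markup in a logged request line or header is interpreted in the administrator's session. Access and error logs record client-supplied strings, so encode the output before echoing it: `echo htmlspecialchars($apachelogs);`. Spawning a shell for `/bin/cat` is also unnecessary; `file_get_contents("/var/log/httpd-error.log")` reads the same file without one. The new `$_POST['clear']` branch deletes both logs and restarts the service; whether that POST is protected against cross-site requests depends on guiconfig.inc, which is outside the hunk, so it is worth confirming.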
@@ -64,65 +66,76 @@ pre {
}
</style>
<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
- <script type="text/javascript">
- function getlogactivity() {
- var url = "/apache_mod_security_view_logs.php";
- var pars = 'getactivity=yes';
- var myAjax = new Ajax.Request(
- url,
- {
- method: 'post',
- parameters: pars,
- onComplete: activitycallback
- });
- }
- function activitycallback(transport) {
- $('apachelogs').innerHTML = '<font face="Courier"><pre>' + transport.responseText + '</pre></font>';
- setTimeout('getlogactivity()', 2500);
- }
- setTimeout('getlogactivity()', 1000);
- </script>
+<script type="text/javascript">
+//<![CDATA[
+ function getlogactivity() {
+<?php
+ if ($_REQUEST['logtype'] != "error") {
+ $viewurl = "/apache_mod_security_view_logs.php";
+ } else {
+ $viewurl = "/apache_mod_security_view_logs.php?logtype=error";
+ }
+?>
+ var url = "<? echo $viewurl ?>";
+ var pars = 'getactivity=yes';
+ var myAjax = new Ajax.Request(
+ url,
+ {
+ method: 'post',
+ parameters: pars,
+ onComplete: activitycallback
+ });
+ }
+ function activitycallback(transport) {
+ $('apachelogs').innerHTML = '<font face="Courier"><pre>' + transport.responseText + '</pre></font>';
+ setTimeout('getlogactivity()', 2500);
+ }
+ setTimeout('getlogactivity()', 1000);
+//]]>
+</script>
+</head>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-
-<?php if($one_two): ?>
-<p class="pgtitle"><?=$pgtitle?></font></p>
-<?php endif; ?>
-
<?php if ($savemsg) print_info_box($savemsg); ?>
<div id="mainlevel">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
<?php
$tab_array = array();
$tab_array[] = array(gettext("Proxy Server Settings"), false, "/pkg_edit.php?xml=apache_mod_security_settings.xml&amp;id=0");
- $tab_array[] = array(gettext("Site Proxies"), false, "/pkg.php?xml=apache_mod_security.xml");
+ $tab_array[] = array(gettext("Site Proxies"), false, "/pkg.php?xml=apache_mod_security.xml");
$tab_array[] = array(gettext("Logs"), true, "/apache_mod_security_view_logs.php");
display_top_tabs($tab_array);
?>
-</table>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" >
- <form action="apache_mod_security_view_logs.php" method="post">
- <br>
- <div id="apachelogs">
- <pre>One moment please, loading Apache logs...</pre>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabcont" >
+ <form action="apache_mod_security_view_logs.php" method="post">
+ <br />
+ <div id="apachelogs">
+ <pre>One moment please, loading Apache logs...</pre>
+ </div>
+ </form>
+ </td></tr>
+ </table>
</div>
- </td>
- </tr>
-</table>
-<td align="left" valign="top">
- <form id="filterform" name="filterform" action="apache_mod_security_view_logs.php" method="post" style="margin-top: 14px;">
- <p/>
- <input id="submit" name="clear" type="submit" class="formbtn" value="<?=gettext("Clear log");?>" />
- </form>
-</td>
+ </td></tr>
+ <tr><td align="left" valign="top">
+ <form id="filterform" name="filterform" action="apache_mod_security_view_logs.php" method="post" style="margin-top: 14px;">
+ <p />
+ <input id="submit" name="clear" type="submit" class="formbtn" value="<?=gettext("Clear log");?>" />
+ </form>
+ </td></tr>
+ </table>
</div>
<?php
- if($_REQUEST['logtype'] = "error") {
- echo "<br/>View <a href='apache_mod_security_view_logs.php?logtype=error'>error</a> logs";
+ if ($_REQUEST['logtype'] != "error") {
+ echo "<br /><a href='apache_mod_security_view_logs.php?logtype=error'>View Error Logs</a>";
} else {
- echo "<br/>View <a href='apache_mod_security_view_logs.php'>access</a> logs";
+ echo "<br /><a href='apache_mod_security_view_logs.php'>View Access Logs</a>";
}
?>
<?php include("fend.inc"); ?>
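Review bot: `var url = "<? echo $viewurl ?>";` uses the short open tag, which is parsed only when short_open_tag is enabled; with it off, the literal PHP text ends up inside the JavaScript string and the refresh request goes to a bad URL. The rest of the file uses `<?php` and `<?=`, so write `var url = "<?= $viewurl ?>";`. The Proxy Server Settings entry in `$tab_array` still carries the `id=0` parameter that the settings XML in this commit dropped from its own tab URL; the two should agree.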
diff --git a/config/apcupsd/apcupsd.inc b/config/apcupsd/apcupsd.inc
index 2b166994..e3b9b587 100644
--- a/config/apcupsd/apcupsd.inc
+++ b/config/apcupsd/apcupsd.inc
@@ -40,7 +40,6 @@ function php_install_apcupsd() {
function php_deinstall_apcupsd() {
global $config, $g;
- conf_mount_rw();
$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('APCUPSD_BASE', '/usr/pbi/apcupsd-' . php_uname("m"));
@@ -48,7 +47,6 @@ function php_deinstall_apcupsd() {
define('APCUPSD_BASE', '/usr/local');
}
- exec("/usr/bin/killall apcupsd");
unlink_if_exists(APCUPSD_BASE . "/etc/rc.d/apcupsd.sh");
unlink_if_exists(APCUPSD_BASE . "/etc/apcupsd/apcupsd.conf");
unlink_if_exists("/var/log/apcupsd/apcupsd.log");
@@ -61,7 +59,6 @@ function php_deinstall_apcupsd() {
exec("/bin/rm -rf /var/run/apcupsd/");
}
- conf_mount_ro();
}
function validate_input_apcupsd($post, &$input_errors) {
diff --git a/config/arping/arping.priv.inc b/config/arping/arping.priv.inc
new file mode 100644
index 00000000..cd2c0111
--- /dev/null
+++ b/config/arping/arping.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ arping.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-arping'] = array();
+$priv_list['page-diagnostics-arping']['name'] = "WebCfg - Diagnostics: ARPing package";
+$priv_list['page-diagnostics-arping']['descr'] = "Allow access to ARPing package GUI";
+$priv_list['page-diagnostics-arping']['match'] = array();
+$priv_list['page-diagnostics-arping']['match'][] = "pkg_edit.php?xml=arping.xml*";
+
+?>
diff --git a/config/arping/arping.xml b/config/arping/arping.xml
index 59da6db1..2049e1b8 100644
--- a/config/arping/arping.xml
+++ b/config/arping/arping.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>arping</name>
- <version>1.2</version>
+ <version>1.2.1</version>
<title>Diagnostics: ARPing</title>
<savetext>Run ARPing</savetext>
<preoutput>yes</preoutput>
@@ -57,6 +57,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/arping/arping.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/arping/arping.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>IP, Hostname or MAC</fielddescr>
diff --git a/config/arpwatch/arpwatch.priv.inc b/config/arpwatch/arpwatch.priv.inc
new file mode 100644
index 00000000..3ec28ccd
--- /dev/null
+++ b/config/arpwatch/arpwatch.priv.inc
@@ -0,0 +1,39 @@
+<?php
+/*
+ arpwatch.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-arpwatch'] = array();
+$priv_list['page-diagnostics-arpwatch']['name'] = "WebCfg - Services: arpwatch package";
+$priv_list['page-diagnostics-arpwatch']['descr'] = "Allow access to arpwatch package GUI";
+
+$priv_list['page-diagnostics-arpwatch']['match'] = array();
+$priv_list['page-diagnostics-arpwatch']['match'][] = "pkg_edit.php?xml=arpwatch.xml*";
+$priv_list['page-diagnostics-arpwatch']['match'][] = "arpwatch_reports.php*";
+
+?>
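Review bot: The privilege key `page-diagnostics-arpwatch` says Diagnostics while its `name` says `WebCfg - Services: arpwatch package`; the mismatch looks carried over from the arping file and makes the entry harder to find when assigning privileges. If the package sits under Services, use `$priv_list['page-services-arpwatch']` consistently for all five assignments. A one-line comment above the `match` entries saying which pages they cover (the settings form and `arpwatch_reports.php`) would also help the next maintainer keep the list complete.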
diff --git a/config/arpwatch/arpwatch.xml b/config/arpwatch/arpwatch.xml
index aa6a9ae8..b181e052 100644
--- a/config/arpwatch/arpwatch.xml
+++ b/config/arpwatch/arpwatch.xml
@@ -42,7 +42,7 @@
</copyright>
<description>ARP Monitoring Daemon</description>
<name>arpwatch</name>
- <version>1.1.2</version>
+ <version>1.1.3</version>
<title>arpwatch: Settings</title>
<aftersaveredirect>pkg_edit.php?xml=arpwatch.xml&amp;id=0</aftersaveredirect>
<menu>
@@ -79,6 +79,10 @@
<chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/arpwatch/sm.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/arpwatch/arpwatch.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<fielddescr>Listening Interface</fielddescr>
@@ -149,9 +153,15 @@
<custom_php_install_command>
<![CDATA[
unlink_if_exists("/usr/local/etc/rc.d/arpwatch.sh");
- @link("/usr/sbin/sm.php", "/usr/sbin/sendmail");
+ unlink_if_exists("/usr/sbin/sendmail");
+ symlink("/usr/sbin/sm.php", "/usr/sbin/sendmail");
]]>
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ <![CDATA[
+ unlink_if_exists("/usr/sbin/sendmail");
+ ]]>
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
<![CDATA[
sync_package_arpwatch();
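Review bot: The install command now deletes `/usr/sbin/sendmail` unconditionally before creating the symlink, and the new deinstall command deletes it again without checking that it is this package's link, so a sendmail binary or wrapper installed by the base system or another package would be removed. Guard both removals, e.g. `if (is_link("/usr/sbin/sendmail") && readlink("/usr/sbin/sendmail") == "/usr/sbin/sm.php") { unlink("/usr/sbin/sendmail"); }`, and in the install path skip the symlink when a regular file is already there. The result of `symlink()` is not checked either, so a failed link leaves arpwatch without a mailer and nothing is logged. The resync command's CDATA block continues outside the hunk.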
diff --git a/config/asterisk/asterisk.inc b/config/asterisk/asterisk.inc
index 9a89d885..ed835b25 100644
--- a/config/asterisk/asterisk.inc
+++ b/config/asterisk/asterisk.inc
@@ -1,118 +1,104 @@
<?php
-/* ========================================================================== */
/*
asterisk.inc
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012-2013 Marcello Coutinho
- Copyright (C) 2012-2013 robi <robreg@zsurob.hu>
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2012-2013 robi <robreg@zsurob.hu>
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
define('ASTERISK_CONF_DIR', '/conf/asterisk');
-//Check pfsense version
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2")
+$pf_version=substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
define('ASTERISK_LOCALBASE', '/usr/pbi/asterisk-' . php_uname("m"));
-else
+} else {
define('ASTERISK_LOCALBASE','/usr/local');
+}
function asterisk_install() {
+ // Remove rc script from previous package versions
+ unlink_if_exists("/usr/local/etc/rc.d/asterisk");
sync_package_asterisk();
}
-function asterisk_deinstall() {
- $script='/usr/local/etc/rc.d/asterisk';
- if (file_exists($script)){
- mwexec("$script stop");
- chmod ($script,0444);
- }
-}
-
function sync_package_asterisk() {
- global $config, $g;
-
- #mount filesystem writeable
conf_mount_rw();
-
- //for NanoBSD compatibility, move the /etc/asterisk configuration directory to /conf, and symlink it back
- $dist_dir=ASTERISK_CONF_DIR ."/dist";
- if (!is_dir($dist_dir))
- mkdir($dist_dir,0755,TRUE);
- if(file_exists (ASTERISK_LOCALBASE."/etc/asterisk") && !is_link(ASTERISK_LOCALBASE."/etc/asterisk")){
- $dist_files= scandir(ASTERISK_LOCALBASE."/etc/asterisk");
- foreach ($dist_files as $dist){
- if (preg_match("/-dist/",$dist))
- rename (ASTERISK_LOCALBASE."/etc/asterisk"."/$dist", "$dist_dir/$dist");
- elseif (preg_match("/\w+/",$dist))
- rename (ASTERISK_LOCALBASE."/etc/asterisk"."/$dist", ASTERISK_CONF_DIR."/$dist");
- }
- rmdir(ASTERISK_LOCALBASE. "/etc/asterisk");
- symlink (ASTERISK_CONF_DIR , ASTERISK_LOCALBASE. "/etc/asterisk");
- }
-
- //fix asterisk options for nanobsd: logging, db and calls log in /tmp
- // if ($g['platform'] == "nanobsd"){
- $script='/conf/asterisk/logger.conf';
- if (file_exists($script)){
- $script_file=file_get_contents($script);
- $pattern[0]='@;rotatestrategy@';
- $replace[0]='rotatestrategy = rotate ;by pfSense ;';
- $script_file=preg_replace($pattern,$replace,$script_file);
- file_put_contents($script, $script_file, LOCK_EX);
- }
-
- $script='/conf/asterisk/asterisk.conf';
- if (file_exists($script)){
- //point to the /var subdirs in the writable area in RAM
- $script_file=file_get_contents($script);
- $pattern[0]='/(\Wdirectories\W)\S+/';
- $replace[0]='$1';
- $pattern[1]='/astetcdir => \S+/';
- $replace[1]='astetcdir => /conf/asterisk';
- $pattern[2]='/astdbdir => \S+/';
- $replace[2]='astdbdir => /var/db/asterisk';
- $pattern[3]='/astspooldir => \S+/';
- $replace[3]='astspooldir => /var/spool/asterisk';
- $pattern[4]='/astrundir => \S+/';
- $replace[4]='astrundir => /var/run/asterisk';
- $pattern[5]='/astlogdir => \S+/';
- $replace[5]='astlogdir => /var/log/asterisk';
- $script_file=preg_replace($pattern,$replace,$script_file);
- file_put_contents($script, $script_file, LOCK_EX);
+ // For NanoBSD compatibility, move the /etc/asterisk configuration directory to /conf, and symlink it back
+ $dist_dir = ASTERISK_CONF_DIR . "/dist";
+ safe_mkdir($dist_dir, 0755);
+
+ if (file_exists (ASTERISK_LOCALBASE . "/etc/asterisk") && !is_link(ASTERISK_LOCALBASE . "/etc/asterisk")) {
+ $dist_files = scandir(ASTERISK_LOCALBASE . "/etc/asterisk");
+ foreach ($dist_files as $dist) {
+ if (preg_match("/-dist/", $dist)) {
+ rename (ASTERISK_LOCALBASE . "/etc/asterisk" . "/$dist", "$dist_dir/$dist");
+ } elseif (preg_match("/\w+/", $dist)) {
+ rename (ASTERISK_LOCALBASE . "/etc/asterisk" . "/$dist", ASTERISK_CONF_DIR . "/$dist");
+ }
}
-// }
+ rmdir(ASTERISK_LOCALBASE . "/etc/asterisk");
+ symlink(ASTERISK_CONF_DIR, ASTERISK_LOCALBASE . "/etc/asterisk");
+ }
+
+ // Fix asterisk options for NanoBSD: logging, db and calls log in /tmp
+ $script = '/conf/asterisk/logger.conf';
+ if (file_exists($script)) {
+ $script_file = file_get_contents($script);
+ $pattern[0] = '@;rotatestrategy@';
+ $replace[0] = 'rotatestrategy = rotate ;by pfSense ;';
+ $script_file = preg_replace($pattern, $replace, $script_file);
+ file_put_contents($script, $script_file, LOCK_EX);
+ }
+
+ $script = '/conf/asterisk/asterisk.conf';
+ if (file_exists($script)) {
+ // Point to the /var subdirs in the writable area in ramfs
+ $script_file = file_get_contents($script);
+ $pattern[0] = '/(\Wdirectories\W)\S+/';
+ $replace[0] = '$1';
+ $pattern[1] = '/astetcdir => \S+/';
+ $replace[1] = 'astetcdir => /conf/asterisk';
+ $pattern[2] = '/astdbdir => \S+/';
+ $replace[2] = 'astdbdir => /var/db/asterisk';
+ $pattern[3] = '/astspooldir => \S+/';
+ $replace[3] = 'astspooldir => /var/spool/asterisk';
+ $pattern[4] = '/astrundir => \S+/';
+ $replace[4] = 'astrundir => /var/run/asterisk';
+ $pattern[5] = '/astlogdir => \S+/';
+ $replace[5] = 'astlogdir => /var/log/asterisk';
+ $script_file = preg_replace($pattern, $replace, $script_file);
+ file_put_contents($script, $script_file, LOCK_EX);
+ }
- //add modules settings, for disabling those not required on pfSense
- $script='/conf/asterisk/modules.conf';
- if (file_exists($script)){
- $script_file=file_get_contents($script);
- if (strpos($script_file,'pfSense') === false) { //first check if already added...
- $add_modules_settings=<<<EOF
+ // Add modules settings, for disabling those not required on pfSense
+ $script = '/conf/asterisk/modules.conf';
+ if (file_exists($script)) {
+ $script_file = file_get_contents($script);
+ // First check if already added...
+ if (strpos($script_file, 'pfSense') === false) {
+ $add_modules_settings = <<<EOF
;The following modules settings work out of the box on pfSense (note: do not remove this comment line).
;Should you need any disabled module, check for its functionality individually in your environment.
;For more information check asterisk's online documentation.
@@ -327,32 +313,34 @@ noload => chan_h323.so
noload => res_config_odbc.so
EOF;
- $script_file .= $add_modules_settings;
- file_put_contents($script, $script_file, LOCK_EX);
- }
+ $script_file .= $add_modules_settings;
+ file_put_contents($script, $script_file, LOCK_EX);
}
+ }
+
+ // Replace general SIP settings as a newbie hint to start configuration
+ $script = '/conf/asterisk/sip.conf';
+ if (file_exists($script)) {
+ $script_file = file_get_contents($script);
+ // Strenghten a couple of security settings, and predefine codecs in the default SIP configuration
+ // First check if already added...
+ if (strpos($script_file, 'pfSense') === false) {
+ $pattern[0] = '/;allowguest\S+/';
+ $replace[0] = 'allowguest=no ;by pfSense ;';
+ $pattern[1] = '/;alwaysauthreject/';
+ $replace[1] = 'alwaysauthreject=yes ;by pfSense ;';
+ $pattern[2] = '/; jbenable/';
+ $replace[2] = 'jbenable=yes ;by pfSense ;';
+ $pattern[3] = '/(First disallow all codecs)/';
+ $replace[3] = "$1\n;The following general settings usually work on pfSense boxes (note: please do not remove this comment line).\ndisallow=all ;by pfSense\nallow=g729\nallow=gsm\nallow=ulaw\nallow=alaw\n\n";
+ $script_file = preg_replace($pattern, $replace, $script_file);
+ file_put_contents($script, $script_file, LOCK_EX);
+ }
+
+ // First check if already added...
+ if (strpos($script_file, 'demo extension for pfSense') === false) {
+ $add_demo_extension = <<<EOF
- //replace general SIP settings as a newbie hint to start configuration
- $script='/conf/asterisk/sip.conf';
- if (file_exists($script)){
- $script_file=file_get_contents($script);
- //strenghten a couple of security settings, and predefine codecs in the default SIP configuration
- if (strpos($script_file,'pfSense') === false) { //first check if already added...
- $pattern[0]='/;allowguest\S+/';
- $replace[0]='allowguest=no ;by pfSense ;';
- $pattern[1]='/;alwaysauthreject/';
- $replace[1]='alwaysauthreject=yes ;by pfSense ;';
- $pattern[2]='/; jbenable/';
- $replace[2]='jbenable=yes ;by pfSense ;';
- $pattern[3]='/(First disallow all codecs)/';
- $replace[3]="$1\n;The following general settings usually work on pfSense boxes (note: please do not remove this comment line).\ndisallow=all ;by pfSense\nallow=g729\nallow=gsm\nallow=ulaw\nallow=alaw\n\n";
- $script_file=preg_replace($pattern,$replace,$script_file);
- file_put_contents($script, $script_file, LOCK_EX);
- }
-
- if (strpos($script_file,'demo extension for pfSense') === false) { //first check if already added...
- $add_demo_extension = <<<EOF
-
[301]
;demo extension for pfSense
type=friend
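Review bot: The sip.conf `preg_replace` call runs with stale entries, because `$pattern` and `$replace` still hold indexes 4 and 5 (`astrundir`, `astlogdir`) from the asterisk.conf block earlier in sync_package_asterisk() and this block only overwrites 0–3. Resetting both first, `$pattern = array(); $replace = array();` before `$pattern[0] = '/;allowguest\S+/';`, keeps the rewrite limited to the four SIP substitutions. Nothing checks that the `allowguest` and `alwaysauthreject` patterns actually matched, so if the shipped sample text differs, the file is written without those settings and no error is reported. A `strpos($script_file, 'allowguest=no')` check after the replace, with a logged warning on failure, would surface that. The function starts before this hunk and continues after it.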
@@ -376,51 +364,50 @@ context=default
EOF;
$script_file .= $add_demo_extension;
file_put_contents($script, $script_file, LOCK_EX);
- }
}
+ }
- $script='/usr/local/etc/rc.d/asterisk';
- if (file_exists($script)){
- $script_file=file_get_contents($script);
- if (preg_match('/NO/',$script_file)){
- $script_file=preg_replace("/NO/","YES",$script_file);
- $script_file=preg_replace("/core stop now'/","core stop now'\n killall \$name",$script_file);
-
- //create the /var subdirs for the writable area in RAM
- if (strpos($script_file,'pfSense') === false) { //first check if already added...
- $writable_area = <<< EOF
-# Create paths in pfSense's volatile area if they don't exist (note: please do not remove this comment line)
+ // Write /usr/local/etc/rc.d/asterisk.sh rc script
+ $asterisk_user = "asterisk";
+ $command = "/usr/local/sbin/asterisk";
+ $command_args = "-n -F -U {$asterisk_user}";
+ $start = <<<EOF
+
+# Create the /var subdirs for the writable area in ramfs
for a in db spool run log
do
if [ ! -d /var/\$a/asterisk ]; then
- mkdir -p /var/\$a/asterisk
- chown -R asterisk:asterisk /var/\$a/asterisk
- chmod -R g+w /var/\$a/asterisk
+ mkdir -p /var/\$a/asterisk
+ chown -R asterisk:asterisk /var/\$a/asterisk
+ chmod -R g+w /var/\$a/asterisk
fi
done
if [ ! -d /var/log/asterisk/cdr-csv ]; then
- mkdir -p /var/log/asterisk/cdr-csv
- chown -R asterisk:asterisk /var/log/asterisk/cdr-csv
- chmod -R g+w /var/log/asterisk/cdr-csv
+ mkdir -p /var/log/asterisk/cdr-csv
+ chown -R asterisk:asterisk /var/log/asterisk/cdr-csv
+ chmod -R g+w /var/log/asterisk/cdr-csv
fi
+{$command} {$command_args}
+
EOF;
- $script_file .= $writable_area;
- }
- file_put_contents($script, $script_file, LOCK_EX);
- }
- chmod ($script,0755);
- mwexec("$script stop");
- mwexec_bg("$script start");
- }
-
- //prepare backup for factory defaults restoring feature
+
+ $stop = "{$command} -nqrx 'core stop now'\n\t";
+ $stop .= "/usr/bin/killall asterisk";
+
+ write_rcfile(array(
+ 'file' => 'asterisk.sh',
+ 'start' => $start,
+ 'stop' => $stop ));
+
+ restart_service("asterisk");
+
+ // Prepare backup for factory defaults restoring feature
if (!file_exists("/conf.default/asterisk_factory_defaults_config.tgz")) {
- system("cd /conf/asterisk/ && tar czf /conf.default/asterisk_factory_defaults_config.tgz *");
+ system("cd /conf/asterisk/ && /usr/bin/tar czf /conf.default/asterisk_factory_defaults_config.tgz *");
}
-
- //mount filesystem readonly
+
conf_mount_ro();
}
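Review bot: The `tar` exit status is ignored where the factory-defaults archive is created, so a failed or interrupted run leaves a partial `/conf.default/asterisk_factory_defaults_config.tgz` that the `file_exists()` guard then treats as valid on every later sync. Capturing the status and removing the file on failure would avoid that: `system("cd /conf/asterisk/ && /usr/bin/tar czf /conf.default/asterisk_factory_defaults_config.tgz *", $rc);` followed by `if ($rc != 0) { unlink_if_exists("/conf.default/asterisk_factory_defaults_config.tgz"); }`. The archive presumably includes sip.conf, so its file mode deserves a look too if that file carries SIP secrets. The backup `tar` call in asterisk_edit_file.php has the same unchecked status. sync_package_asterisk() begins before this hunk.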
diff --git a/config/asterisk/asterisk.xml b/config/asterisk/asterisk.xml
index d5fb3161..75ba411d 100644
--- a/config/asterisk/asterisk.xml
+++ b/config/asterisk/asterisk.xml
@@ -2,76 +2,71 @@
<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
-/* ========================================================================== */
+ <copyright>
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
- asterisk.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
+ asterisk.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Asterisk status pacakge</description>
- <requirements>Asterisk 1.8.x</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>asterisk</name>
- <version>0.3.1</version>
+ <version>0.3.3</version>
<title>asterisk</title>
<include_file>/usr/local/pkg/asterisk.inc</include_file>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/asterisk/asterisk.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/asterisk/asterisk_calls.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/asterisk/asterisk_edit_file.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/asterisk/asterisk_log.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/asterisk/asterisk_cmd.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/asterisk/pkg_asterisk.inc</item>
</additional_files_needed>
<menu>
@@ -82,26 +77,13 @@
</menu>
<service>
<name>asterisk</name>
- <rcfile>asterisk</rcfile>
+ <rcfile>asterisk.sh</rcfile>
<executable>asterisk</executable>
- <description><![CDATA[Asterisk VoIP telephony]]></description>
+ <description>Asterisk VoIP Telephony</description>
</service>
- <tabs>
- </tabs>
- <fields>
- </fields>
<custom_php_install_command>
asterisk_install();
</custom_php_install_command>
- <custom_php_deinstall_command>
- asterisk_deinstall();
- </custom_php_deinstall_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_delete_php_command>
- </custom_delete_php_command>
<custom_php_resync_config_command>
sync_package_asterisk();
</custom_php_resync_config_command>
diff --git a/config/asterisk/asterisk_calls.php b/config/asterisk/asterisk_calls.php
index 75f24b2f..791b6d85 100644
--- a/config/asterisk/asterisk_calls.php
+++ b/config/asterisk/asterisk_calls.php
@@ -1,14 +1,10 @@
<?php
-/* $Id$ */
/*
- status_asterisk_calls.php
- part of pfSense
- Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>.
+ asterisk_calls.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2013 robi <robreg@zsurob.hu>
- All rights reserved.
-
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,7 +28,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*
pfSense_MODULE: asterisk
*/
@@ -53,127 +49,122 @@ include("head.inc");
$callog = "/var/log/asterisk/cdr-csv/Master.csv";
/* Data input processing */
-$cmd = $_GET['cmd'];
+$cmd = $_GET['cmd'];
$file = $_SERVER["SCRIPT_NAME"];
-$break = Explode('/', $file);
-$pfile = $break[count($break) - 1];
+$break = explode('/', $file);
+$pfile = $break[count($break) - 1];
-if (file_exists($callog))
- switch ($cmd){
+if (file_exists($callog)) {
+ switch ($cmd) {
case "trim":
- $trimres=shell_exec("tail -50 '$callog' > /tmp/trimmed_asterisk.csv && rm '$callog' && mv /tmp/trimmed_asterisk.csv '$callog' && chown asterisk:asterisk '$callog' && chmod g+w '$callog'");
- header( 'Location: asterisk_calls.php?savemsg=Calls+log+trimmed.') ;
- break;
+ $trimres = shell_exec("/usr/bin/tail -n 50 '$callog' > /tmp/trimmed_asterisk.csv && /bin/rm '$callog' && /bin/mv /tmp/trimmed_asterisk.csv '$callog' && /usr/sbin/chown asterisk:asterisk '$callog' && /bin/chmod g+w '$callog'");
+ header('Location: asterisk_calls.php?savemsg=Calls+log+trimmed.');
+ break;
case "clear":
- $trimres=shell_exec("rm '$callog' && touch '$callog' && chown asterisk:asterisk '$callog' && chmod g+w '$callog'");
- header( 'Location: asterisk_calls.php?savemsg=Calls+log+cleared.') ;
- break;
+ $trimres=shell_exec("/bin/rm '$callog' && /usr/bin/touch '$callog' && /usr/sbin/chown asterisk:asterisk '$callog' && /bin/chmod g+w '$callog'");
+ header('Location: asterisk_calls.php?savemsg=Calls+log+cleared.');
+ break;
case "download":
- // session_cache_limiter('none'); //*Use before session_start()
- // session_start();
-
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename='.basename($callog));
+ header('Content-Disposition: attachment; filename=' . basename($callog));
header('Content-Transfer-Encoding: binary');
- header('Expires: 0');
- header('Cache-Control: must-revalidate');
- header('Pragma: public');
+ header('Expires: Sat, 26 Jul 1997 05:00:00 GMT');
+ header('Cache-Control: no-cache, must-revalidate');
+ header('Pragma: no-cache');
header('Content-Length: ' . filesize($callog));
ob_clean();
flush();
readfile($callog);
exit;
- break;
+ break;
}
+}
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
- <?php include("fbegin.inc"); ?>
- <?php
+<?php include("fbegin.inc"); ?>
+<?php
$savemsg = $_GET["savemsg"];
if ($savemsg) {
- print_info_box($savemsg);
+ print_info_box($savemsg);
}
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Commands"), false, "asterisk_cmd.php");
+ $tab_array[1] = array(gettext("Calls"), true, "asterisk_calls.php");
+ $tab_array[2] = array(gettext("Log"), false, "asterisk_log.php");
+ $tab_array[3] = array(gettext("Edit configuration"), false, "asterisk_edit_file.php");
+ display_top_tabs($tab_array);
?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Commands"), false, "asterisk_cmd.php");
- $tab_array[1] = array(gettext("Calls"), true, "asterisk_calls.php");
- $tab_array[2] = array(gettext("Log"), false, "asterisk_log.php");
- $tab_array[3] = array(gettext("Edit configuration"), false, "asterisk_edit_file.php");
- display_top_tabs($tab_array);
- ?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <?php
- if (file_exists($callog))
- $file_handle = fopen($callog, "r");
- ?>
- <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="6" class="listtopic">Last 50 Asterisk calls</td>
- </tr>
- <tr>
- <td nowrap class="listhdrr"><?=gettext("From");?></td>
- <td nowrap class="listhdrr"><?=gettext("To");?></a></td>
- <td nowrap class="listhdrr"><?=gettext("Start");?></td>
- <td nowrap class="listhdrr"><?=gettext("End");?></a></td>
- <td nowrap class="listhdrr"><?=gettext("Duration");?></a></td>
- <td nowrap class="listhdrr"><?=gettext("Status");?></td>
- </tr>
- <?php
- $out = '';
- if (file_exists($callog)){
- while (!feof($file_handle) ) {
- $lin = fgetcsv($file_handle, 102400);
- if ($lin[12] != "") {
- $out = "<tr>" . $out;
- $out = "<td class='listlr'>" . utf8_decode(str_replace('"', '', $lin[4])) . "</td><td class='listlr'>" . $lin[2] . "</td><td class='listlr'>" . $lin[9] . "</td><td class='listlr'>" . $lin[11] . "</td><td class='listlr'>" . gmdate("G:i:s", $lin[12]) . "</td><td class='listlr'>" . $lin[14] . "</td>" . $out;
- $out = "</tr>" . $out;
- }
- }
- fclose($file_handle);
- }
- echo $out;
- echo "<tr><td colspan='6'><a href='$pfile?cmd=download'><input type='button' name='command' value='Download' class='formbtn'></a>";
- echo "<a href='$pfile?cmd=trim'><input type='button' name='command' value='Trim log' class='formbtn'></a>";
- echo "<a href='$pfile?cmd=clear'><input type='button' name='command' value='Clear log' class='formbtn'></a></td></tr>";
- ?>
- </table>
- </div>
- </td>
- </tr>
- </table>
-
-<p/>
+</td></tr>
+
+<tr><td>
+ <div id="mainarea">
+ <?php
+ if (file_exists($callog)) {
+ $file_handle = fopen($callog, "r");
+ }
+ ?>
+ <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="6" class="listtopic">Last 50 Asterisk calls</td>
+ </tr>
+ <tr>
+ <td nowrap="nowrap" class="listhdrr"><?=gettext("From");?></td>
+ <td nowrap="nowrap" class="listhdrr"><?=gettext("To");?></td>
+ <td nowrap="nowrap" class="listhdrr"><?=gettext("Start");?></td>
+ <td nowrap="nowrap" class="listhdrr"><?=gettext("End");?></td>
+ <td nowrap="nowrap" class="listhdrr"><?=gettext("Duration");?></td>
+ <td nowrap="nowrap" class="listhdrr"><?=gettext("Status");?></td>
+ </tr>
+ <?php
+ $out = '';
+ if (file_exists($callog)) {
+ while (!feof($file_handle)) {
+ $lin = fgetcsv($file_handle, 102400);
+ if ($lin[12] != "") {
+ $out = "<tr>" . $out;
+ $out = "<td class='listlr'>" . utf8_decode(str_replace('"', '', $lin[4])) . "</td><td class='listlr'>" . $lin[2] . "</td><td class='listlr'>" . $lin[9] . "</td><td class='listlr'>" . $lin[11] . "</td><td class='listlr'>" . gmdate("G:i:s", $lin[12]) . "</td><td class='listlr'>" . $lin[14] . "</td>" . $out;
+ $out = "</tr>" . $out;
+ }
+ }
+ fclose($file_handle);
+ }
+ echo $out;
+ echo "<tr><td colspan='6'><a href='$pfile?cmd=download'><input type='button' name='command' value='Download' class='formbtn' /></a>";
+ echo "<a href='$pfile?cmd=trim'><input type='button' name='command' value='Trim log' class='formbtn' /></a>";
+ echo "<a href='$pfile?cmd=clear'><input type='button' name='command' value='Clear log' class='formbtn' /></a></td></tr>";
+ ?>
+ </table>
+ </div>
+</td></tr>
+</table>
+
+<br />
<span class="vexpl">
<span class="red">
<strong><?=gettext("Notes:");?><br /></strong>
</span>
- <?=gettext("Listed in reverse order (latest on top).");?> <br>
- <?=gettext("Duration includes ringing time.");?> <br>
+ <?=gettext("Listed in reverse order (latest on top).");?> <br />
+ <?=gettext("Duration includes ringing time.");?> <br />
<?=gettext("Trim keeps the last 50 entries.");?>
<?
-if ($g['platform'] == "nanobsd")
- echo "<br>This log may be lost when rebooting the system.";
+if ($g['platform'] == "nanobsd") {
+ echo "<br />This log may be lost when rebooting the system.";
+}
?>
-
-
</span>
-
<?php include("fend.inc"); ?>
</body>
+</html>
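Review bot: The CDR fields are concatenated into the table without HTML escaping in the row-building line (`$lin[4]`, `$lin[2]`, `$lin[9]`, `$lin[11]`, `$lin[14]`), and in a call record these values originate from call signalling rather than from the administrator. Each should pass through `htmlspecialchars()` before it is joined into `$out`, e.g. `"<td class='listlr'>" . htmlspecialchars($lin[2]) . "</td>"`, with the `$lin[4]` value escaped before `utf8_decode()` is applied. `$savemsg` from `$_GET` reaches `print_info_box()` unfiltered as well; whether that helper escapes its argument is not visible here. Separately, `trim` and `clear` change state on a plain GET of `?cmd=`, so moving them to POST would bring them under whatever request-forgery protection the GUI applies to forms.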
diff --git a/config/asterisk/asterisk_cmd.php b/config/asterisk/asterisk_cmd.php
index da684cde..5ba1b460 100644
--- a/config/asterisk/asterisk_cmd.php
+++ b/config/asterisk/asterisk_cmd.php
@@ -1,14 +1,10 @@
<?php
-/* $Id$ */
/*
- status_asterisk.php
- part of pfSense
- Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>.
+ asterisk_cmd.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2013 robi <robreg@zsurob.hu>
- All rights reserved.
-
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,7 +28,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*
pfSense_MODULE: asterisk
*/
@@ -56,73 +52,75 @@ include("head.inc");
<?php
/* Data input processing */
-$cmd = $_GET['cmd'];
-$cmd = str_replace("+", " ", $cmd);
+$cmd = $_GET['cmd'];
+$cmd = str_replace("+", " ", $cmd);
if ($cmd == "") {
$cmd = "core show settings";
}
$file = $_SERVER["SCRIPT_NAME"];
-$break = Explode('/', $file);
-$pfile = $break[count($break) - 1];
-
+$break = explode('/', $file);
+$pfile = $break[count($break) - 1];
?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
+
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Commands"), true, "asterisk_cmd.php");
+ $tab_array[1] = array(gettext("Calls"), false, "asterisk_calls.php");
+ $tab_array[2] = array(gettext("Log"), false, "asterisk_log.php");
+ $tab_array[3] = array(gettext("Edit configuration"), false, "asterisk_edit_file.php");
+ display_top_tabs($tab_array);
+ ?>
+</td></tr>
+
+<tr><td>
+ <div id="mainarea">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr><td class="listtopic">
+ <table>
+ <tr>
+ <?php
+ /* Print command buttons */
+ echo "<td align='center'><a href='$pfile?cmd=sip+show+registry'><input type='button' name='command' value='SIP Registry' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=sip+show+peers'><input type='button' name='command' value='SIP Peers' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=sip+show+channels'><input type='button' name='command' value='SIP Channels' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=core+show+channels'><input type='button' name='command' value='Channels' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=core+show+codecs+audio'><input type='button' name='command' value='Codecs' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=core+show+translation+recalc+10'><input type='button' name='command' value='Translation' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=sip+show+settings'><input type='button' name='command' value='SIP Settings' class='formbtns' style='width: 100px' /></a></td>";
+ ?>
+ </tr>
+ <tr>
+ <?php
+ echo "<td align='center'><a href='$pfile?cmd=sip+reload'><input type='button' name='command' value='Reload SIP' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=dialplan+reload'><input type='button' name='command' value='Reload Extensions' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=core+reload'><input type='button' name='command' value='Reload Core' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=core+show+uptime'><input type='button' name='command' value='Uptime' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='center'><a href='$pfile?cmd=core+restart+now'><input type='button' name='command' value='Restart Asterisk' class='formbtns' style='width: 100px' /></a></td>";
+ echo "<td align='right' colspan='2'><form name='input' action='$pfile' method='get'><input type='text' name='cmd' style='width: 145px' /><input type='submit' value='SEND' class='formbtns' style='width: 50px' /></form></td>";
+ ?>
+ </tr>
+ </table>
+ </td></tr>
+ <tr valign="top">
+ <td class="listlr" nowrap="nowrap">
<?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Commands"), true, "asterisk_cmd.php");
- $tab_array[1] = array(gettext("Calls"), false, "asterisk_calls.php");
- $tab_array[2] = array(gettext("Log"), false, "asterisk_log.php");
- $tab_array[3] = array(gettext("Edit configuration"), false, "asterisk_edit_file.php");
- display_top_tabs($tab_array);
+ /* Run commands and print results */
+ $asterisk_command = shell_exec("/usr/local/sbin/asterisk -rx '$cmd'");
+ echo "<pre style='font-size: 11px; background: white'>";
+ echo $asterisk_command;
+ echo "</pre>";
?>
</td>
</tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="listtopic">
- <table><tr>
- <?php
- /* Print command buttons */
- echo "<td align='center'><a href='$pfile?cmd=sip+show+registry'><input type='button' name='command' value='SIP Registry' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=sip+show+peers'><input type='button' name='command' value='SIP Peers' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=sip+show+channels'><input type='button' name='command' value='SIP Channels' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=core+show+channels'><input type='button' name='command' value='Channels' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=core+show+codecs+audio'><input type='button' name='command' value='Codecs' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=core+show+translation+recalc+10'><input type='button' name='command' value='Translation' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=sip+show+settings'><input type='button' name='command' value='SIP Settings' class='formbtns' style='width: 100px'></a></td>";
- echo "</tr><tr>";
- //echo "<td></td>";
- echo "<td align='center'><a href='$pfile?cmd=sip+reload'><input type='button' name='command' value='Reload SIP' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=dialplan+reload'><input type='button' name='command' value='Reload Extensions' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=core+reload'><input type='button' name='command' value='Reload Core' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=core+show+uptime'><input type='button' name='command' value='Uptime' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='center'><a href='$pfile?cmd=core+restart+now'><input type='button' name='command' value='Restart Asterisk' class='formbtns' style='width: 100px'></a></td>";
- echo "<td align='right' colspan='2'><form name='input' action='$pfile' method='get'><input type='text' name='cmd' style='width: 145px'><input type='submit' value='SEND' class='formbtns' style='width: 50px'></form> </td>";
- ?>
- </tr></table>
- </td>
- </tr>
- <tr valign="top">
- <td class="listlr" nowrap>
- <?php
- /* Run commands and print results */
- $asterisk_command=shell_exec("asterisk -rx '$cmd'");
- echo "<pre style='font-size:11px; background:white'>";
- echo $asterisk_command;
- echo "</pre>";
- ?>
- </td>
- </tr>
- </table>
- </div>
- </td>
- </tr>
- </table>
+ </table>
+ </div>
+</td></tr>
+</table>
+
<?php include("fend.inc"); ?>
+</body>
+</html>
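Review bot: `$cmd` comes straight from `$_GET['cmd']` and is interpolated inside single quotes in `shell_exec("/usr/local/sbin/asterisk -rx '$cmd'")`, so a quote character in the parameter ends the argument and the remainder is parsed by the shell; the absolute path added here does not change that. Quote the argument with `escapeshellarg()`: `$asterisk_command = shell_exec("/usr/local/sbin/asterisk -rx " . escapeshellarg($cmd));`. The command output is also echoed into the `<pre>` block unescaped, so `echo htmlspecialchars($asterisk_command);` is the safer form. Because the page acts on GET, commands such as `core restart now` run on any request the logged-in administrator's browser makes to this URL; a POST form would be preferable.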
diff --git a/config/asterisk/asterisk_edit_file.php b/config/asterisk/asterisk_edit_file.php
index 1c992d26..353ecd07 100644
--- a/config/asterisk/asterisk_edit_file.php
+++ b/config/asterisk/asterisk_edit_file.php
@@ -1,8 +1,10 @@
<?php
/*
- edit.php
- Copyright (C) 2004, 2005 Scott Ullrich
+ asterisk_edit_file.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
Copyright (C) 2013 robi <robreg@zsurob.hu>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,7 +29,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
/*
- pfSense_MODULE: shell
+ pfSense_MODULE: asterisk
*/
##|+PRIV
@@ -37,21 +39,19 @@
##|*MATCH=asterisk_edit_file.php*
##|-PRIV
-$pgtitle = array(gettext("Status"),gettext("Asterisk configuration files"));
require("guiconfig.inc");
-
$backup_dir = "/conf";
$backup_filename = "asterisk_config.bak.tgz";
$backup_path = "{$backup_dir}/{$backup_filename}";
$files_dir = "/conf/asterisk";
$host = "{$config['system']['hostname']}.{$config['system']['domain']}";
-$downname = "asterisk-config-{$host}-".date("YmdHis").".bak.tgz"; //put the date in the filename
+// Put the date in the filename
+$downname = "asterisk-config-{$host}-" . date("YmdHis") . ".bak.tgz";
if (($_GET['a'] == "download") && $_GET['t'] == "backup") {
conf_mount_rw();
-// system("cd {$files_dir} && tar czf {$backup_path} *");
- system("cd {$files_dir} && tar czf {$backup_path} --exclude 'dist/*' --exclude dist *");
+ system("cd {$files_dir} && /usr/bin/tar czf {$backup_path} --exclude 'dist/*' --exclude dist *");
conf_mount_ro();
}
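Review bot: The backup branch acts on a plain GET (`$_GET['a'] == "download"` with `t=backup`): following a link is enough to remount /conf read-write and run tar. The restore, factrest and deldist branches in the next hunk, and `cmd=trim` / `cmd=clear` in asterisk_log.php, change state the same way. Unless guiconfig.inc validates a token on GET requests, which is not visible here, a cross-site request made in the administrator's session can trigger all of them. I would move these actions to POST forms and test `$_POST['a']` / `$_POST['t']`, so they fall under whatever request-forgery check the GUI applies to form submissions.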
@@ -63,8 +63,8 @@ if (($_GET['a'] == "download") && file_exists("{$backup_path}")) {
header("Content-Type: application/download");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=\"{$downname}\"");
- header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
- header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
+ header("Cache-Control: no-cache, must-revalidate");
+ header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
header("Content-Length: " . filesize("{$backup_path}"));
fpassthru($fd);
exit;
@@ -72,40 +72,38 @@ if (($_GET['a'] == "download") && file_exists("{$backup_path}")) {
if ($_GET['a'] == "other") {
if ($_GET['t'] == "restore") {
- //extract files to $files_dir (/conf/asterisk)
+ // Extract files to $files_dir (/conf/asterisk)
if (file_exists($backup_path)) {
- //echo "The file $filename exists";
conf_mount_rw();
- exec("tar -xzC {$files_dir} -f {$backup_path} 2>&1", $sysretval);
+ exec("/usr/bin/tar -xzC {$files_dir} -f {$backup_path} 2>&1", $sysretval);
$savemsg = "Backup has been restored, please restart Asterisk now " . $sysretval[1];
- system("chmod -R 644 {$files_dir}/*");
- header( 'Location: asterisk_edit_file.php?savemsg=' . $savemsg ) ;
+ system("/bin/chmod -R 644 {$files_dir}/*");
+ header('Location: asterisk_edit_file.php?savemsg=' . $savemsg);
conf_mount_ro();
} else {
- header( 'Location: asterisk_edit_file.php?savemsg=Restore+failed.+Backup+file+not+found.' ) ;
+ header('Location: asterisk_edit_file.php?savemsg=Restore+failed.+Backup+file+not+found.');
}
exit;
}
if ($_GET['t'] == "factrest") {
- //extract files to $files_dir (/conf/asterisk)
+ // Extract files to $files_dir (/conf/asterisk)
if (file_exists('/conf.default/asterisk_factory_defaults_config.tgz')) {
- //echo "The file $filename exists";
conf_mount_rw();
- exec("tar -xzC {$files_dir} -f /conf.default/asterisk_factory_defaults_config.tgz 2>&1", $sysretval);
+ exec("/usr/bin/tar -xzC {$files_dir} -f /conf.default/asterisk_factory_defaults_config.tgz 2>&1", $sysretval);
$savemsg = "Factory configuration restored, please restart Asterisk now " . $sysretval[1];
- system("chmod -R 644 {$files_dir}/*");
- header( 'Location: asterisk_edit_file.php?savemsg=' . $savemsg ) ;
+ system("/bin/chmod -R 644 {$files_dir}/*");
+ header('Location: asterisk_edit_file.php?savemsg=' . $savemsg);
conf_mount_ro();
}
exit;
}
if ($_GET['t'] == "deldist") {
- //delete dist directory from $files_dir/dist (/conf/asterisk/dist)
+ // Delete dist directory from $files_dir/dist (/conf/asterisk/dist)
if (file_exists($files_dir . "/dist")) {
conf_mount_rw();
- exec("rm -r {$files_dir}/dist 2>&1", $sysretval);
+ exec("/bin/rm -r {$files_dir}/dist 2>&1", $sysretval);
$savemsg = "Deleted dist files " . $sysretval[1];
- header( 'Location: asterisk_edit_file.php?savemsg=' . $savemsg ) ;
+ header('Location: asterisk_edit_file.php?savemsg=' . $savemsg);
conf_mount_ro();
}
exit;
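Review bot: `$savemsg` is concatenated into the `Location` header without encoding in the restore, factrest and deldist branches, although it contains spaces and a line of command output (`$sysretval[1]`). A `&`, `#` or `+` in that output truncates or alters the message, and the value later comes back through `$_GET["savemsg"]`. Use `header('Location: asterisk_edit_file.php?savemsg=' . urlencode($savemsg));` in all three places; the upload branch in the following hunk builds its redirect the same way. Note also that `$sysretval[1]` is the second output line, so a one-line error from tar or rm is dropped; `implode(" ", $sysretval)` would keep it.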
@@ -114,53 +112,55 @@ if ($_GET['a'] == "other") {
if (($_POST['submit'] == "Upload") && is_uploaded_file($_FILES['ulfile']['tmp_name'])) {
$upfilnam = $_FILES['ulfile']['name'];
- $upfiltim = strtotime(str_replace(".bak.tgz","",end(explode("-",$upfilnam))));
+ $upfiltim = strtotime(str_replace(".bak.tgz", "", end(explode("-", $upfilnam))));
conf_mount_rw();
move_uploaded_file($_FILES['ulfile']['tmp_name'], "{$backup_path}");
- $savemsg = "Uploaded ". htmlentities($_FILES['ulfile']['name']) . " file as " . $backup_path . "." ;
- system('chmod -R 644 {$backup_path}');
- if ($upfiltim) { //take the date from the filename and update modified time accordingly
+ $savemsg = "Uploaded " . htmlentities($_FILES['ulfile']['name']) . " file as " . $backup_path . ".";
+ system("/bin/chmod -R 644 {$backup_path}");
+ // Take the date from the filename and update modified time accordingly
+ if ($upfiltim) {
touch($backup_path, $upfiltim);
}
unset($_POST['txtCommand']);
conf_mount_ro();
- header( 'Location: asterisk_edit_file.php?savemsg=' . $savemsg ) ;
+ header('Location: asterisk_edit_file.php?savemsg=' . $savemsg);
}
-if($_REQUEST['action']) {
+if ($_REQUEST['action']) {
switch($_REQUEST['action']) {
case 'load':
- if(strlen($_REQUEST['file']) < 1) {
+ if (strlen($_REQUEST['file']) < 1) {
echo "|5|" . gettext("No file name specified") . ".|";
- } elseif(is_dir($_REQUEST['file'])) {
+ } elseif (is_dir($_REQUEST['file'])) {
echo "|4|" . gettext("Loading a directory is not supported") . ".|";
- } elseif(! is_file($_REQUEST['file'])) {
+ } elseif (! is_file($_REQUEST['file'])) {
echo "|3|" . gettext("File does not exist or is not a regular file") . ".|";
} else {
$data = file_get_contents(urldecode($_REQUEST['file']));
- if($data === false) {
+ if ($data === false) {
echo "|1|" . gettext("Failed to read file") . ".|";
} else {
- echo "|0|{$_REQUEST['file']}|{$data}|";
+ echo "|0|{$_REQUEST['file']}|{$data}|";
}
}
exit;
case 'save':
- if(strlen($_REQUEST['file']) < 1) {
+ if (strlen($_REQUEST['file']) < 1) {
echo "|" . gettext("No file name specified") . ".|";
} else {
conf_mount_rw();
$_REQUEST['data'] = str_replace("\r", "", base64_decode($_REQUEST['data']));
$ret = file_put_contents($_REQUEST['file'], $_REQUEST['data']);
conf_mount_ro();
- if($_REQUEST['file'] == "/conf/config.xml" || $_REQUEST['file'] == "/cf/conf/config.xml") {
- if(file_exists("/tmp/config.cache"))
+ if ($_REQUEST['file'] == "/conf/config.xml" || $_REQUEST['file'] == "/cf/conf/config.xml") {
+ if (file_exists("/tmp/config.cache")) {
unlink("/tmp/config.cache");
+ }
disable_security_checks();
}
- if($ret === false) {
+ if ($ret === false) {
echo "|" . gettext("Failed to write file") . ".|";
- } elseif($ret <> strlen($_REQUEST['data'])) {
+ } elseif ($ret <> strlen($_REQUEST['data'])) {
echo "|" . gettext("Error while writing file") . ".|";
} else {
echo "|" . gettext("File successfully saved") . ".|";
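Review bot: The `load` and `save` cases pass `$_REQUEST['file']` straight to `file_get_contents()` and `file_put_contents()`, so the page reads and writes any path the web server process can reach, not only files under `$files_dir`; the `/conf/config.xml` special case in `save` confirms that paths outside the Asterisk directory are accepted. A user who holds only the privilege for this page therefore gets file access well beyond the Asterisk configuration. Resolve the path and reject anything outside `$files_dir` before either call, as sketched below for `load`; `save` needs the same check on `realpath(dirname(...))` because the target may not exist yet. `load` also tests `is_file()` on the raw value but reads the `urldecode()`d one, so the checked path and the opened path can differ. The `switch` continues past the end of this hunk.

```php
} else {
	// Confine the editor to the Asterisk configuration directory
	$base = realpath($files_dir);
	$target = realpath($_REQUEST['file']);
	if ($base === false || $target === false || strpos($target, $base . "/") !== 0) {
		echo "|3|" . gettext("File does not exist or is not a regular file") . ".|";
		exit;
	}
	$data = file_get_contents($target);
	// … unchanged: read-failure check and "|0|…" response …
```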
@@ -170,10 +170,10 @@ if($_REQUEST['action']) {
}
exit;
}
+
$shortcut_section = "asterisk";
+$pgtitle = array(gettext("Status"), gettext("Asterisk configuration files"));
require("head.inc");
-outputJavaScriptFileInline("filebrowser/browser.js");
-outputJavaScriptFileInline("javascript/base64.js");
?>
@@ -181,21 +181,34 @@ outputJavaScriptFileInline("javascript/base64.js");
<?php include("fbegin.inc"); ?>
<?php
-$savemsg = $_GET["savemsg"];
-if ($savemsg) {
- print_info_box($savemsg);
-}
+ $savemsg = $_GET["savemsg"];
+ if ($savemsg) {
+ print_info_box($savemsg);
+ }
?>
-<script type="text/javascript">
+<script type="text/javascript">
+//<![CDATA[
+<?php include("filebrowser/browser.js"); ?>
+//]]>
+</script>
+
+<script type="text/javascript">
+//<![CDATA[
+<?php include("javascript/base64.js"); ?>
+//]]>
+</script>
+
+<script type="text/javascript">
+//<![CDATA[
function loadFile() {
$("fileStatus").innerHTML = "<?=gettext("Loading file"); ?> ...";
Effect.Appear("fileStatusBox", { duration: 0.5 });
new Ajax.Request(
"<?=$_SERVER['SCRIPT_NAME'];?>", {
- method: "post",
- postBody: "action=load&file=" + $("fbTarget").value,
+ method: "post",
+ postBody: "action=load&file=" + $("fbTarget").value,
onComplete: loadComplete
}
);
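Review bot: `$savemsg` is taken from `$_GET["savemsg"]` and handed to `print_info_box()` as-is, so anything placed in the query string is rendered in the page unless `print_info_box()` escapes its argument, which cannot be seen from here. The redirects earlier in this file also put command output and the uploaded file name into that parameter. I would escape at the point of output, `print_info_box(htmlspecialchars($savemsg));`. asterisk_log.php prints `savemsg` the same way and needs the same change.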
@@ -209,10 +222,10 @@ if ($savemsg) {
if(values.shift() == "0") {
var file = values.shift();
$("fileStatus").innerHTML = "<?=gettext("File successfully loaded"); ?>.";
- $("fileContent").value = values.join("|");
+ $("fileContent").value = values.join("|");
var lang = "none";
- if(file.indexOf(".php") > 0) lang = "php";
+ if(file.indexOf(".php") > 0) lang = "php";
else if(file.indexOf(".inc") > 0) lang = "php";
else if(file.indexOf(".xml") > 0) lang = "xml";
else if(file.indexOf(".js" ) > 0) lang = "js";
@@ -229,14 +242,14 @@ if ($savemsg) {
function saveFile(file) {
$("fileStatus").innerHTML = "<?=gettext("Saving file"); ?> ...";
Effect.Appear("fileStatusBox", { duration: 0.5 });
-
+
var fileContent = Base64.encode($("fileContent").value);
fileContent = fileContent.replace(/\+/g,"%2B");
-
+
new Ajax.Request(
"<?=$_SERVER['SCRIPT_NAME'];?>", {
- method: "post",
- postBody: "action=save&file=" + $("fbTarget").value +
+ method: "post",
+ postBody: "action=save&file=" + $("fbTarget").value +
"&data=" + fileContent,
onComplete: function(req) {
var values = req.responseText.split("|");
@@ -246,7 +259,7 @@ if ($savemsg) {
);
}
-
+
function ckrest() {
if(document.getElementById('ckrest').checked==true) {
@@ -263,188 +276,174 @@ if ($savemsg) {
document.getElementById('deldistdire').disabled=true;
}
}
-
-
+
+//]]>
</script>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Commands"), false, "asterisk_cmd.php");
- $tab_array[1] = array(gettext("Calls"), false, "asterisk_calls.php");
- $tab_array[2] = array(gettext("Log"), false, "asterisk_log.php");
- $tab_array[3] = array(gettext("Edit configuration"), true, "asterisk_edit_file.php");
- display_top_tabs($tab_array);
- ?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
-
- <!-- backup options -->
- <div style="background:#eeeeee;">
- <div class="vexpl" style="padding-left:15px;">
- <br />
- <table width='98%' cellpadding='0' cellspacing='0' border='0'>
- <tr>
- <td width='80%'>
- <b>Backup / Restore</b>
- The 'Backup' button will tar gzip asterisk configuration files to <? echo $backup_path; ?> it then offers it to download.<br>
- The 'Restore' button will be visible only if the <? echo $backup_path; ?> backup file exists.<br>
- You can upload a backup file to the system, if one already exists at <? echo $backup_path; ?>, it will be overwritten.
- <br />
- </td>
- <td width='20%' valign='middle' align='right'>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Commands"), false, "asterisk_cmd.php");
+ $tab_array[1] = array(gettext("Calls"), false, "asterisk_calls.php");
+ $tab_array[2] = array(gettext("Log"), false, "asterisk_log.php");
+ $tab_array[3] = array(gettext("Edit configuration"), true, "asterisk_edit_file.php");
+ display_top_tabs($tab_array);
+ ?>
+</td></tr>
+
+<tr><td>
+ <div id="mainarea">
+ <!-- backup options -->
+ <div style="background:#eeeeee;">
+ <div class="vexpl" style="padding-left:15px;"><br />
+ <table width='98%' cellpadding='0' cellspacing='0' border='0'>
+ <tr>
+ <td width='80%'>
+ <strong>Backup / Restore</strong>
+ The 'Backup' button will tar gzip asterisk configuration files to <? echo $backup_path; ?> it then offers it to download.<br />
+ The 'Restore' button will be visible only if the <? echo $backup_path; ?> backup file exists.<br />
+ You can upload a backup file to the system, if one already exists at <? echo $backup_path; ?>, it will be overwritten.<br />
+ </td>
+ <td width='20%' valign='middle' align='right'>
<?php
- echo " <input type='button' value='Backup' onclick=\"document.location.href='asterisk_edit_file.php?a=download&t=backup';\" />\n";
- if (file_exists($backup_path)) {
- echo " <input type='button' value='Restore' onclick=\"document.location.href='asterisk_edit_file.php?a=other&t=restore';\" />\n";
- }
+ echo "<input type='button' value='Backup' onclick=\"document.location.href='asterisk_edit_file.php?a=download&amp;t=backup';\" />\n";
+ if (file_exists($backup_path)) {
+ echo "<input type='button' value='Restore' onclick=\"document.location.href='asterisk_edit_file.php?a=other&amp;t=restore';\" />\n";
+ }
?>
- </td>
- </tr></table><br>
- <table width='98%' cellpadding='0' cellspacing='0' border='0'>
- <tr>
- <td width='20%' valign='middle' align='left'>
+ </td>
+ </tr>
+ </table>
+ <br />
+ <table width='98%' cellpadding='0' cellspacing='0' border='0'>
+ <tr>
+ <td width='20%' valign='middle' align='left'>
<?php
if (file_exists($backup_path)) {
- echo $backup_filename . " date:<br>" . date ("Y F d H:i:s.", filemtime($backup_path));
+ echo $backup_filename . " date:<br />" . date ("Y F d H:i:s.", filemtime($backup_path));
}
?>
- </td>
- <td width='80%' valign='middle' align='right'>
- <form action="asterisk_edit_file.php" method="POST" enctype="multipart/form-data" name="frmUpload" onSubmit="">
+ </td>
+ <td width='80%' valign='middle' align='right'>
+ <form action="asterisk_edit_file.php" method="post" enctype="multipart/form-data" name="frmUpload" onsubmit="">
Upload backup file:
- <input name="ulfile" type="file" class="button" id="ulfile">
- <input name="submit" type="submit" class="button" id="upload" value="Upload">
+ <input name="ulfile" type="file" class="button" id="ulfile" />
+ <input name="submit" type="submit" class="button" id="upload" value="Upload" />
</form>
- </td>
- </tr>
- </table><br />
- </div>
- </div>
-
-
-
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" align="center">
-
- <!-- controls -->
- <table width="100%" cellpadding="9" cellspacing="9">
- <tr>
- <td align="center" class="list">
- <?=gettext("Configuration files stored in"); ?>:
- <input type="text" class="formfld file" id="fbTarget" value="<?=gettext($files_dir);?>" size="45" />
- <input type="button" class="formbtn" id="fbOpen" value="<?=gettext('Browse');?>" />
- <!-- <input type="button" class="formbtn" onclick="loadFile();" value="<?=gettext('Load');?>" /> -->
- <input type="button" class="formbtn" onclick="saveFile();" value="<?=gettext('Save');?>" />
- <br />
- </td>
- </tr>
- </table>
-
-
-
- <!-- file status box -->
- <div style="display:none; background:#eeeeee;" id="fileStatusBox">
- <div class="vexpl" style="padding-left:15px;">
- <strong id="fileStatus"></strong>
- </div>
- </div>
-
-
- <!-- filebrowser -->
- <div id="fbBrowser" style="display:none; border:1px dashed gray; width:98%;"></div>
-
- <!-- file viewer/editor -->
- <table width="100%">
- <tr>
- <td valign="top" class="label">
- <div style="background:#eeeeee;" id="fileOutput">
- <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" wrap="off"></textarea>
- </div>
- </td>
- </tr>
- </table>
-
- </td>
- </tr>
- </table>
-
- <script type="text/javascript">
- Event.observe(
- window, "load",
- function() {
- $("fbTarget").focus();
-
- NiftyCheck();
- Rounded("div#fileStatusBox", "all", "#ffffff", "#eeeeee", "smooth");
- }
- );
-
- <?php if($_GET['action'] == "load"): ?>
- Event.observe(
- window, "load",
- function() {
- $("fbTarget").value = "<?=$_GET['path'];?>";
- loadFile();
- }
- );
- <?php endif; ?>
- </script>
-
-
- <div style="background:#eeeeee;">
- <div class="vexpl" style="padding-left:15px;">
- <table width='98%' cellpadding='0' cellspacing='0' border='0'>
- <tr>
- <td width='80%' valign='middle' align='right'><br />
- <?php
- if (file_exists($files_dir . "/dist")) {
- echo "<input name='ckdist' id='ckdist' type='checkbox' onclick='return ckdist();' style='vertical-align:-3px;'>enable <input type='button' value='Delete dist files' name='deldistdire' id='deldistdire' disabled='disabled' onclick=\"document.location.href='asterisk_edit_file.php?a=other&t=deldist';\" />&nbsp;&nbsp;\n";
- }
- if (file_exists("/conf.default/asterisk_factory_defaults_config.tgz")) {
- echo "<input name='ckrest' id='ckrest' type='checkbox' onclick='return ckrest();' style='vertical-align:-3px;'>enable <input type='button' value='Restore to factory defaults' name='restfactdef' id='restfactdef' disabled='disabled' onclick=\"document.location.href='asterisk_edit_file.php?a=other&t=factrest';\" />\n";
- }
- ?>
- <br /></td>
- </tr>
- </table><br />
- </div>
- </div>
-
-
+ </td>
+ </tr>
+ </table>
+ <br />
+ </div>
+ </div>
+
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td class="tabcont" align="center">
+ <!-- controls -->
+ <table width="100%" cellpadding="9" cellspacing="9">
+ <tr>
+ <td align="center" class="list">
+ <?=gettext("Configuration files stored in"); ?>:
+ <input type="text" class="formfld file" id="fbTarget" value="<?=gettext($files_dir);?>" size="45" />
+ <input type="button" class="formbtn" id="fbOpen" value="<?=gettext('Browse');?>" />
+ <input type="button" class="formbtn" onclick="saveFile();" value="<?=gettext('Save');?>" />
+ <br />
+ </td>
+ </tr>
+ </table>
+
+ <!-- file status box -->
+ <div style="display:none; background:#eeeeee;" id="fileStatusBox">
+ <div class="vexpl" style="padding-left:15px;">
+ <strong id="fileStatus"></strong>
</div>
- </td>
- </tr>
- </table>
+ </div>
-<p/>
+ <!-- filebrowser -->
+ <div id="fbBrowser" style="display:none; border:1px dashed gray; width:98%;"></div>
+
+ <!-- file viewer/editor -->
+ <table width="100%">
+ <tr>
+ <td valign="top" class="label">
+ <div style="background:#eeeeee;" id="fileOutput">
+ <textarea id="fileContent" name="fileContent" style="width:100%;" rows="30" cols="65" wrap="off"></textarea>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td></tr>
+ </table>
+
+<script type="text/javascript">
+//<![CDATA[
+ Event.observe(
+ window, "load",
+ function() {
+ $("fbTarget").focus();
+ NiftyCheck();
+ Rounded("div#fileStatusBox", "all", "#ffffff", "#eeeeee", "smooth");
+ }
+ );
+
+ <?php if ($_GET['action'] == "load"): ?>
+ Event.observe(
+ window, "load",
+ function() {
+ $("fbTarget").value = "<?=$_GET['path'];?>";
+ loadFile();
+ }
+ );
+ <?php endif; ?>
+//]]>
+</script>
+
+ <div style="background: #eeeeee;">
+ <div class="vexpl" style="padding-left:15px;">
+ <table width='98%' cellpadding='0' cellspacing='0' border='0'>
+ <tr>
+ <td width='80%' valign='middle' align='right'><br />
+ <?php
+ if (file_exists($files_dir . "/dist")) {
+ echo "<input name='ckdist' id='ckdist' type='checkbox' onclick='return ckdist();' style='vertical-align:-3px;'>enable <input type='button' value='Delete dist files' name='deldistdire' id='deldistdire' disabled='disabled' onclick=\"document.location.href='asterisk_edit_file.php?a=other&amp;t=deldist';\" />&nbsp;&nbsp;\n";
+ }
+ if (file_exists("/conf.default/asterisk_factory_defaults_config.tgz")) {
+ echo "<input name='ckrest' id='ckrest' type='checkbox' onclick='return ckrest();' style='vertical-align:-3px;'>enable <input type='button' value='Restore to factory defaults' name='restfactdef' id='restfactdef' disabled='disabled' onclick=\"document.location.href='asterisk_edit_file.php?a=other&amp;t=factrest';\" />\n";
+ }
+ ?>
+ <br />
+ </td>
+ </tr>
+ </table>
+ <br />
+ </div>
+ </div>
+ </div>
+</td></tr>
+</table>
+
+<br />
<span class="vexpl">
<span class="red">
<strong><?=gettext("Note:");?><br /></strong>
</span>
- <?=gettext("Please back up your Asterisk configuration regularly.");?><br>
+ <?=gettext("Please back up your Asterisk configuration regularly.");?><br />
<?=gettext("It's worth to preserve the automatically generated filename of the downloaded backup file. It contains the backup creation date, which is used when uploading it back to the system.");?>
<?php
- $sipconf=$files_dir . "/sip.conf";
- if (file_exists($sipconf)){
- $sipconf_file=file_get_contents($sipconf);
- if (strpos($sipconf_file,"demo extension for pfSense") !== false) {
+ $sipconf = $files_dir . "/sip.conf";
+ if (file_exists($sipconf)) {
+ $sipconf_file = file_get_contents($sipconf);
+ if (strpos($sipconf_file, "demo extension for pfSense") !== false) {
?><br />
<?=gettext("This Asterisk configuration on pfSense contains two demo SIP accounts, 301 and 302 with password 1234, for you to test functionality. Check sip.conf for more details. These accounts can be safely removed at any time.");?>
<?php
}
- }
+ }
?>
-
</span>
-
+
<?php include("fend.inc"); ?>
</body>
</html>
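Review bot: `$_GET['path']` is written unescaped into a JavaScript string literal (`$("fbTarget").value = "<?=$_GET['path'];?>";`), and the new CDATA wrapper does not change that: a quote or a closing script tag in the parameter ends the literal and the rest is parsed as script or markup. Emit it as a JSON-encoded value instead, `$("fbTarget").value = <?=json_encode((string)$_GET['path']);?>;`, which supplies its own quotes and escapes `/` by default. The value then flows into `loadFile()`, so the server-side path handling for `action=load` matters here as well.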
diff --git a/config/asterisk/asterisk_log.php b/config/asterisk/asterisk_log.php
index f4a752d2..44ba8acf 100644
--- a/config/asterisk/asterisk_log.php
+++ b/config/asterisk/asterisk_log.php
@@ -1,15 +1,11 @@
<?php
-/* $Id$ */
/*
- status_asterisk_log.php
- part of pfSense
- Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>.
- Copyright (C) 2012 robi <robreg@zsurob.hu>
+ asterisk_log.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Scott Ullrich <sullrich@gmail.com>
+ Copyright (C) 2012 robi <robreg@zsurob.hu>
Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
-
- originally part of m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2005 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -33,7 +29,7 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-/*
+/*
pfSense_MODULE: asterisk
*/
@@ -51,94 +47,84 @@ $shortcut_section = "asterisk";
include("head.inc");
/* Path to Asterisk log file */
-//if ($g['platform'] == "nanobsd")
-// $log = "/tmp/asterisk.log";
-//else
$log = "/var/log/asterisk/messages";
?>
<?php
/* Data input processing */
-$cmd = $_GET['cmd'];
-//$cmd = str_replace("+", " ", $cmd);
+$cmd = $_GET['cmd'];
+//$cmd = str_replace("+", " ", $cmd);
$file = $_SERVER["SCRIPT_NAME"];
-$break = Explode('/', $file);
-$pfile = $break[count($break) - 1];
+$break = explode('/', $file);
+$pfile = $break[count($break) - 1];
if (file_exists($log)) {
if ($cmd == "trim") {
- $trimres=shell_exec("tail -50 '$log' > /tmp/trimmed_asterisk.log && rm '$log' && mv /tmp/trimmed_asterisk.log '$log' && chown asterisk:asterisk '$log' && chmod g+w '$log'");
- header( 'Location: asterisk_log.php?savemsg=Log+trimmed.') ;
+ $trimres = shell_exec("/usr/bin/tail -n 50 '$log' > /tmp/trimmed_asterisk.log && /bin/rm '$log' && /bin/mv /tmp/trimmed_asterisk.log '$log' && /usr/sbin/chown asterisk:asterisk '$log' && /bin/chmod g+w '$log'");
+ header('Location: asterisk_log.php?savemsg=Log+trimmed.');
}
if ($cmd == "clear") {
- $trimres=shell_exec("rm '$log' && touch '$log' && chown asterisk:asterisk '$log' && chmod g+w '$log'");
- header( 'Location: asterisk_log.php?savemsg=Log+cleared.') ;
+ $trimres = shell_exec("/bin/rm '$log' && /usr/bin/touch '$log' && /usr/sbin/chown asterisk:asterisk '$log' && /bin/chmod g+w '$log'");
+ header('Location: asterisk_log.php?savemsg=Log+cleared.');
}
}
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
- <?php include("fbegin.inc"); ?>
- <?php
+<?php include("fbegin.inc"); ?>
+<?php
$savemsg = $_GET["savemsg"];
if ($savemsg) {
- print_info_box($savemsg);
+ print_info_box($savemsg);
}
+?>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[0] = array(gettext("Commands"), false, "asterisk_cmd.php");
+ $tab_array[1] = array(gettext("Calls"), false, "asterisk_calls.php");
+ $tab_array[2] = array(gettext("Log"), true, "asterisk_log.php");
+ $tab_array[3] = array(gettext("Edit configuration"), false, "asterisk_edit_file.php");
+ display_top_tabs($tab_array);
?>
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
- <?php
- $tab_array = array();
- $tab_array[0] = array(gettext("Commands"), false, "asterisk_cmd.php");
- $tab_array[1] = array(gettext("Calls"), false, "asterisk_calls.php");
- $tab_array[2] = array(gettext("Log"), true, "asterisk_log.php");
- $tab_array[3] = array(gettext("Edit configuration"), false, "asterisk_edit_file.php");
- display_top_tabs($tab_array);
- ?>
- </td>
- </tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td colspan="2" class="listtopic">Last 50 Asterisk log entries</td>
- </tr>
-
- <tr valign="top"><td class="listlr" nowrap>
-
+</td></tr>
+<tr><td>
+ <div id="mainarea">
+ <table class="tabcont sortable" width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td colspan="2" class="listtopic">Last 50 Asterisk log entries</td>
+ </tr>
+ <tr valign="top"><td class="listlr" nowrap="nowrap">
<?php
$showlog_command=shell_exec("tail -50 '$log'");
echo nl2br($showlog_command);
?>
- </td></tr>
+ </td></tr>
<?php
- echo "<tr><td colspan='6'><a href='$pfile?cmd=trim'><input type='button' name='command' value='Trim log' class='formbtn'></a>";
- echo "<a href='$pfile?cmd=clear'><input type='button' name='command' value='Clear log' class='formbtn'></a></td></tr>";
+ echo "<tr><td colspan='6'><a href='$pfile?cmd=trim'><input type='button' name='command' value='Trim log' class='formbtn' /></a>";
+ echo "<a href='$pfile?cmd=clear'><input type='button' name='command' value='Clear log' class='formbtn' /></a></td></tr>";
?>
- </table>
- </div>
- </td>
- </tr>
- </table>
+ </table>
+ </div>
+</td></tr>
+</table>
-<p/>
+<br />
<span class="vexpl">
<span class="red">
<strong><?=gettext("Note:");?><br /></strong>
</span>
<?=gettext("Trim keeps the last 50 lines of the log.");?>
-<?
-if ($g['platform'] == "nanobsd")
- echo "<br>This log may be lost when rebooting the system.";
-?>
-
-
+ <?php
+ if ($g['platform'] == "nanobsd") {
+ echo "<br />This log may be lost when rebooting the system.";
+ }
+ ?>
</span>
<?php include("fend.inc"); ?>
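Review bot: The log is printed with `echo nl2br($showlog_command);` without HTML escaping, and an Asterisk message log presumably records strings supplied by remote peers, so markup in a log line would be rendered in the administrator's browser. Escape before converting newlines: `echo nl2br(htmlspecialchars($showlog_command));`. That same line still calls bare `tail -50`, while the trim command in this hunk was changed to `/usr/bin/tail -n 50`. The `header('Location: …')` calls after trim and clear are also not followed by `exit;`, so the rest of the page is still generated after the redirect is queued.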
diff --git a/config/asterisk/pkg_asterisk.inc b/config/asterisk/pkg_asterisk.inc
index 129313c4..ad26ee80 100644
--- a/config/asterisk/pkg_asterisk.inc
+++ b/config/asterisk/pkg_asterisk.inc
@@ -8,4 +8,4 @@ $shortcuts['asterisk']['log'] = "asterisk_log.php";
$shortcuts['asterisk']['status'] = "asterisk_cmd.php";
$shortcuts['asterisk']['service'] = "asterisk";
-?> \ No newline at end of file
+?>
diff --git a/config/avahi/avahi.inc b/config/avahi/avahi.inc
index 7d69af78..ba89676f 100644
--- a/config/avahi/avahi.inc
+++ b/config/avahi/avahi.inc
@@ -36,8 +36,6 @@ if ($pfs_version == "2.1" || $pfs_version == "2.2") {
}
function avahi_install() {
- conf_mount_rw();
-
if (!file_exists('/usr/local/etc/gnome.subr')) {
@symlink(AVAHI_BASE . '/etc/gnome.subr', '/usr/local/etc/gnome.subr');
}
@@ -49,21 +47,10 @@ function avahi_install() {
if (!exec("/usr/sbin/pw groupshow avahi")) {
exec("/usr/sbin/pw groupadd avahi -g 558");
}
-
- conf_mount_ro();
}
function avahi_deinstall() {
- conf_mount_rw();
-
- // Stop services and remove created rc script and symlink
- if (is_process_running("avahi-daemon")) {
- exec("/usr/bin/killall -9 avahi-daemon");
- }
- if (is_process_running("dbus-daemon")) {
- exec("/usr/bin/killall -9 dbus-daemon");
- }
- unlink_if_exists("/usr/local/etc/rc.d/avahi-daemon.sh");
+ // Remove created symlink
unlink_if_exists("/usr/local/etc/gnome.subr");
// Remove created users and groups if they exist
@@ -73,28 +60,39 @@ function avahi_deinstall() {
if (exec("/usr/sbin/pw usershow avahi")) {
exec("/usr/sbin/pw userdel avahi");
}
-
- conf_mount_ro();
}
function avahi_write_config() {
- global $config;
+ global $config, $avahi_config;
conf_mount_rw();
// Pull some various values out of config.xml
+ if (isset($config['installedpackages']['avahi']['config'][0])) {
+ $avahi_config = $config['installedpackages']['avahi']['config'][0];
+ }
+ // Server Options
$hostname = $config['system']['hostname'];
$domain = $config['system']['domain'];
- $enable = $config['installedpackages']['avahi']['config'][0]['enable'];
- $browsedomains = $config['installedpackages']['avahi']['config'][0]['browsedomains'];
- $denyif = $config['installedpackages']['avahi']['config'][0]['denyinterfaces'];
- $useipv4 = ($config['installedpackages']['avahi']['config'][0]['disable_ipv4']) ? "no" : "yes";
- $useipv6 = ($config['installedpackages']['avahi']['config'][0]['disable_ipv6']) ? "no" : "yes";
- $usedbus = ($config['installedpackages']['avahi']['config'][0]['disable_dbus']) ? "no" : "yes";
-
- // No supplied domains? Use the defaults.
- if (!$browsedomains) {
- $browsedomains = "local, 0pointer.de, zeroconf.org";
- }
+ $enable = $avahi_config['enable'];
+ $browsedomains = $avahi_config['browsedomains'] ?: "local";
+ $denyif = $avahi_config['denyinterfaces'];
+ $useipv4 = ($avahi_config['enable_ipv4']) ? "yes" : "no";
+ $useipv6 = ($avahi_config['enable_ipv6']) ? "yes" : "no";
+ $usedbus = ($avahi_config['disable_dbus']) ? "no" : "yes";
+ // Wide Area
+ $widearea = ($avahi_config['enable_wide_area']) ? "yes" : "no";
+ // Publishing Options
+ $publish = ($avahi_config['disable_publishing']) ? "no" : "yes";
+ $userpublish = ($avahi_config['disable_user_service_publishing']) ? "no" : "yes";
+ $addresspublish = ($avahi_config['publish_addresses']) ? "yes" : "no";
+ $cookie = ($avahi_config['add_service_cookie']) ? "yes" : "no";
+ $hinfopublish = ($avahi_config['publish_hinfo']) ? "yes" : "no";
+ $wspublish = ($avahi_config['publish_workstation']) ? "yes" : "no";
+ $aaaaonv4 = ($avahi_config['publish_aaaa_on_ipv4']) ? "yes" : "no";
+ $aonv6 = ($avahi_config['publish_a_on_ipv6']) ? "yes" : "no";
+ // Reflector Options
+ $reflect = ($avahi_config['enable_reflector']) ? "yes" : "no";
+ $reflectipv = ($avahi_config['reflect_ipv']) ? "yes" : "no";
// Never pass along WAN. Bad.
$denyinterfaces = $config['interfaces']['wan']['if'];
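Review bot: `$publish` and `$userpublish` are computed with the sense inverted for the keys they feed: `($avahi_config['disable_publishing']) ? "no" : "yes"` yields "no" when the option is set, and the template in the later hunk writes it as `disable-publishing={$publish}`. The result is `disable-publishing=yes` by default and `disable-publishing=no` when the administrator asks to disable publishing, so the host keeps announcing itself exactly when it was told not to. Swap the branches: `$publish = ($avahi_config['disable_publishing']) ? "yes" : "no";` and `$userpublish = ($avahi_config['disable_user_service_publishing']) ? "yes" : "no";`. `$usedbus` uses the same expression correctly because it feeds `enable-dbus`. avahi_write_config() starts in this hunk and continues beyond it.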
@@ -109,6 +107,15 @@ function avahi_write_config() {
}
}
}
+
+ // Process DNS servers and omit localhost if present in /etc/resolv.conf
+ $publishdns = '';
+ $dns = implode(" ", get_dns_servers());
+ $dns = trim(str_replace('127.0.0.1', '', $dns));
+ $dns = str_replace(' ', ', ', $dns);
+ if ($dns) {
+ $publishdns = "publish-dns-servers={$dns}";
+ }
// Construct the avahi configuration
$avahiconfig = <<<EOF
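Review bot: Removing `127.0.0.1` with `str_replace()` on the space-joined string leaves two adjacent spaces when localhost is neither the first nor the last entry, and the following `str_replace(' ', ', ', …)` then produces an empty list element (`a, , b`) in `publish-dns-servers`. It also rewrites any address that merely contains that text, such as `127.0.0.10`. Filter the array before joining: `$dns = implode(", ", array_diff(get_dns_servers(), array('127.0.0.1')));`. The comment says localhost is omitted, so consider whether `::1` should be dropped as well. avahi_write_config() begins before this hunk and continues after it.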
@@ -131,24 +138,24 @@ enable-dbus={$usedbus}
allow-point-to-point=yes
[wide-area]
-enable-wide-area=yes
+enable-wide-area={$widearea}
[publish]
-#disable-publishing=no
-#disable-user-service-publishing=no
-#add-service-cookie=no
-#publish-addresses=yes
-#publish-hinfo=yes
-#publish-workstation=yes
+disable-publishing={$publish}
+disable-user-service-publishing={$userpublish}
+add-service-cookie={$cookie}
+publish-addresses={$addresspublish}
+publish-hinfo={$hinfopublish}
+publish-workstation={$wspublish}
#publish-domain=yes
-#publish-dns-servers=192.168.50.1, 192.168.50.2
+{$publishdns}
#publish-resolv-conf-dns-servers=yes
-#publish-aaaa-on-ipv4=yes
-#publish-a-on-ipv6=no
+publish-aaaa-on-ipv4={$aaaaonv4}
+publish-a-on-ipv6={$aonv6}
[reflector]
-enable-reflector=yes
-#reflect-ipv=no
+enable-reflector={$reflect}
+reflect-ipv={$reflectipv}
[rlimits]
rlimit-core=0
@@ -177,7 +184,7 @@ EOF;
$start .= " /bin/ln -sf " . AVAHI_BASE . "/etc/gnome.subr /usr/local/etc/gnome.subr\n";
$start .= "fi\n";
$start .= "/usr/bin/killall avahi-daemon >/dev/null 2>&1\n";
- if (!$config['installedpackages']['avahi']['config'][0]['disable_dbus']) {
+ if (!$avahi_config['disable_dbus']) {
$start .= "if [ ! -d /var/run/dbus ]; then\n";
$start .= " /bin/mkdir /var/run/dbus\n";
$start .= " /usr/sbin/chown messagebus:messagebus /var/run/dbus\n";
@@ -193,7 +200,7 @@ EOF;
$start .= "/etc/rc.conf_mount_ro\n";
$stop = "/usr/bin/killall avahi-daemon >/dev/null 2>&1\n";
- if (!$config['installedpackages']['avahi']['config'][0]['disable_dbus']) {
+ if (!$avahi_config['disable_dbus']) {
if (file_exists(AVAHI_BASE . "/etc/rc.d/dbus")) {
$stop .= AVAHI_BASE . "/etc/rc.d/dbus onestop\n";
$stop .= "/bin/rm /var/run/dbus/dbus.pid >/dev/null 2>&1\n";
@@ -218,9 +225,51 @@ function avahi_sync() {
}
avahi_write_config();
// Is package enabled?
- if (($config['installedpackages']['avahi']['config'][0]['enable']) && file_exists("/usr/local/etc/rc.d/avahi-daemon.sh")) {
+ if ($config['installedpackages']['avahi']['config'][0]['enable']) {
start_service("avahi");
}
}
+function avahi_upgrade_config() {
+ global $config, $avahi_config;
+
+ $avahi_config =& $config['installedpackages']['avahi']['config'][0];
+ if (!is_array($avahi_config)) {
+ $avahi_config = array();
+ }
+ $changes = 0;
+ // Convert previous disable values to enable ones
+ // If broken settings were configured due to lack of validation, just set to defaults
+ if (isset($avahi_config['disable_ipv4']) && isset($avahi_config['disable_ipv6']) && $avahi_config['disable_ipv4'] == "on" && $avahi_config['disable_ipv6'] == "on") {
+ $avahi_config['enable_ipv4'] = "on";
+ $avahi_config['enable_ipv6'] = "on";
+ unset($avahi_config['disable_ipv4']);
+ unset($avahi_config['disable_ipv6']);
+ $changes++;
+ } elseif (isset($avahi_config['disable_ipv4']) && $avahi_config['disable_ipv4'] != "on") {
+ $avahi_config['enable_ipv4'] = "on";
+ unset($avahi_config['disable_ipv4']);
+ $changes++;
+ } elseif (isset($avahi_config['disable_ipv6']) && $avahi_config['disable_ipv6'] != "on") {
+ $avahi_config['enable_ipv6'] = "on";
+ unset($avahi_config['disable_ipv6']);
+ $changes++;
+ }
+ if ($changes > 0 ) {
+ write_config("[avahi] Upgraded old package configuration.");
+ }
+}
+
+function avahi_validate_input($post, &$input_errors) {
+ if (($post['enable_ipv4'] != "on" ) && ($post['enable_ipv6'] != "on" )) {
+ $input_errors[] = gettext("You cannot disable both IPv4 and IPv6!");
+ }
+ if (($post['enable_ipv4'] != "on" ) && ($post['publish_aaaa_on_ipv4'] == "on" )) {
+ $input_errors[] = gettext("'Publish AAAA records on IPv4' makes no sense with IPv4 disabled.");
+ }
+ if (($post['enable_ipv6'] != "on" ) && ($post['publish_a_on_ipv6'] == "on" )) {
+ $input_errors[] = gettext("'Publish A records on IPv6' makes no sense with IPv6 disabled.");
+ }
+}
+
?>
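Review bot: In `avahi_upgrade_config()` the three cases are chained with `elseif`, so a config where both `disable_ipv4` and `disable_ipv6` are present but not "on" only gets `enable_ipv4` written; `disable_ipv6` is left behind and `enable_ipv6` is never set. If the new code treats a missing `enable_ipv6` as disabled (that code is outside this hunk), an upgrade silently turns IPv6 off. Making the second and third branches independent, i.e. `}` followed by `if (isset($avahi_config['disable_ipv6']) && $avahi_config['disable_ipv6'] != "on") {`, converts each address family on its own, and the first branch already unsets both keys so nothing is converted twice. A short header comment saying the function migrates the old `disable_*` keys and is run from `custom_php_install_command` would help the next reader.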
diff --git a/config/notes/notes.inc b/config/avahi/avahi.priv.inc
index ddc54a3f..00d76794 100644
--- a/config/notes/notes.inc
+++ b/config/avahi/avahi.priv.inc
@@ -1,8 +1,7 @@
<?php
/*
- notes.inc
- part of pfSense (https://www.pfSense.org/)
- Copyright (C) 2008 Mark J Crane
+ avahi.priv.inc
+ part of pfSense (http://www.pfSense.org/)
Copyright (C) 2015 ESF, LLC
All rights reserved.
@@ -27,11 +26,13 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-function notes_deinstall_command() {
- conf_mount_rw();
- unlink_if_exists("/usr/local/pkg/notes.xml");
- unlink_if_exists("/usr/local/pkg/notes.inc");
- conf_mount_ro();
-}
+global $priv_list;
+
+$priv_list['page-services-avahi'] = array();
+$priv_list['page-services-avahi']['name'] = "WebCfg - Services: Avahi package";
+$priv_list['page-services-avahi']['descr'] = "Allow access to Avahi package GUI";
+
+$priv_list['page-services-avahi']['match'] = array();
+$priv_list['page-services-avahi']['match'][] = "pkg_edit.php?xml=avahi.xml*";
?>
diff --git a/config/avahi/avahi.xml b/config/avahi/avahi.xml
index 0b49fea3..a69c515d 100644
--- a/config/avahi/avahi.xml
+++ b/config/avahi/avahi.xml
@@ -44,14 +44,14 @@
</copyright>
<title>Services: Avahi</title>
<name>avahi</name>
- <version>1.10.0</version>
+ <version>1.10.1</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/avahi.inc</include_file>
<menu>
<name>Avahi</name>
<tooltiptext>Modify avahi settings.</tooltiptext>
<section>Services</section>
- <url>pkg_edit.php?xml=avahi.xml&amp;id=0</url>
+ <url>pkg_edit.php?xml=avahi.xml</url>
</menu>
<service>
<name>avahi</name>
@@ -64,6 +64,10 @@
<item>https://packages.pfsense.org/packages/config/avahi/avahi.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/avahi/avahi.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/etc/avahi/</prefix>
<item>https://packages.pfsense.org/packages/config/avahi/services/ssh.service</item>
</additional_files_needed>
@@ -73,61 +77,242 @@
</additional_files_needed>
<fields>
<field>
+ <name>Server Options</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
<description>Enable Avahi Bonjour/Zeroconf proxy.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Browse domains (comma separated)</fielddescr>
+ <fielddescr>Browse Domains</fielddescr>
<fieldname>browsedomains</fieldname>
<description>
<![CDATA[
- Enter the domains that you would like proxied.<br />
- (Example: local, pfsense.org, mydomain.com)
+ Enter the (comma separated) list of domains that you would like proxied. (Example: local, pfsense.org, mydomain.com)<br />
+ (Default: local)
]]>
</description>
<type>input</type>
+ <default_value>local</default_value>
</field>
<field>
<fielddescr>Deny interfaces</fielddescr>
<fieldname>denyinterfaces</fieldname>
<description>
<![CDATA[
- Interfaces that you do NOT want Avahi to listen on.
- <strong>NOTE: WAN is always disabled (so it is not shown here).</strong>
+ Interfaces that you do NOT want Avahi to listen on.<br />
+ <strong>Note: WAN is always disabled (so it is not shown here).</strong>
]]>
</description>
<type>interfaces_selection</type>
- <hideinterfaceregex>wan</hideinterfaceregex>
+ <hideinterfaceregex>(wan|loopback)</hideinterfaceregex>
<multiple>true</multiple>
</field>
<field>
- <fielddescr>Disable IPv6</fielddescr>
- <fieldname>disable_ipv6</fieldname>
- <description>Disable IPv6 support in Avahi.</description>
+ <fielddescr>Enable IPv4</fielddescr>
+ <fieldname>enable_ipv4</fieldname>
+ <description>Enable IPv4 support in Avahi. (Default: enabled)</description>
<type>checkbox</type>
+ <default_value>on</default_value>
+ <enablefields>publish_aaaa_on_ipv4</enablefields>
</field>
<field>
- <fielddescr>Disable IPv4</fielddescr>
- <fieldname>disable_ipv4</fieldname>
- <description>Disable IPv4 support in Avahi.</description>
+ <fielddescr>Enable IPv6</fielddescr>
+ <fieldname>enable_ipv6</fieldname>
+ <description>Enable IPv6 support in Avahi. (Default: enabled)</description>
<type>checkbox</type>
+ <default_value>on</default_value>
+ <enablefields>publish_a_on_ipv6</enablefields>
</field>
<field>
- <fielddescr>Disable D-BUS</fielddescr>
+ <fielddescr>Disable D-Bus</fielddescr>
<fieldname>disable_dbus</fieldname>
- <description>Disable D-BUS client API support in Avahi.</description>
+ <description>Disable D-Bus client API support in Avahi. (Default: no)</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <name>Wide Area</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable Wide-Area DNS-SD</fielddescr>
+ <fieldname>enable_wide_area</fieldname>
+ <description>
+ <![CDATA[
+ Enable wide-area DNS-SD, aka DNS-SD over unicast DNS. If this is enabled only
+ domains ending in .local will be resolved on mDNS, all other domains are resolved via unicast DNS.<br />
+ If you want to maintain multiple different multicast DNS domains even with this option enabled,
+ use subdomains of .local, such as "kitchen.local".<br />
+ (Default: enabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <name>Publishing Options</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Disable Publishing</fielddescr>
+ <fieldname>disable_publishing</fieldname>
+ <description>
+ <![CDATA[
+ If checked, no record will be published by Avahi, not even address records for the local host. Avahi will be started in a querying-only mode.<br />
+ You can use this is a security measure. <strong>Warning: Do NOT disable publishing unless you know what you are doing!</strong><br />
+ (Default: no)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Disable User Service Publishing</fielddescr>
+ <fieldname>disable_user_service_publishing</fieldname>
+ <description>
+ <![CDATA[
+ If checked, Avahi will still publish address records and suchlike but will not allow user applications to publish services.
+ You can use this is a security measure.<br />
+ (Default: no)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Add Service Cookie</fielddescr>
+ <fieldname>add_service_cookie</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, an implicit TXT entry will be added to all locally registered services.
+ This can be used to detect if two services on two different interfaces/protocols are actually identical.<br />
+ (Default: disabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Publish Addresses</fielddescr>
+ <fieldname>publish_addresses</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will register mDNS address records for all local IP addresses. Unless you want to use Avahi exclusively
+ for browsing it’s recommended to enable this. If you want to register local services you need to enable this option.<br />
+ (Default: enabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Publish HINFO</fielddescr>
+ <fieldname>publish_hinfo</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will register an mDNS HINFO record on all interfaces which contains information about the local operating system and CPU.<br />
+ This is recommended by the mDNS specification but not required. For the sake of privacy you might choose to disable this feature.<br />
+ (Default: enabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Publish Workstation</fielddescr>
+ <fieldname>publish_workstation</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will register will register a service of type "_workstation._tcp" on the local LAN.
+ This might be useful for administrative purposes (i.e. browse for all PCs on the LAN).<br />
+ (Default: enabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Publish DNS Servers</fielddescr>
+ <fieldname>publish_resolv_conf_dns_servers</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will publish the unicast DNS servers configured in System - General settings.
+ You can use this to announce unicast DNS servers via mDNS.<br />
+ When used in conjunction with avahi-dnsconfd on the client side this allows DHCP-like configuration of unicast DNS servers.<br />
+ (Default: disabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <fielddescr>Publish AAAA records on IPv4</fielddescr>
+ <fieldname>publish_aaaa_on_ipv4</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will publish an IPv6 AAAA record via IPv4, i.e. the local IPv6 addresses can be resolved using an IPv4 transport.<br />
+ (Default: enabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Publish A records on IPv6</fielddescr>
+ <fieldname>publish_a_on_ipv6</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will publish an IPv4 A record via IPv6, i.e. the local IPv4 addresses can be resolved using an IPv6 transport.<br />
+ (Default: disabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>off</default_value>
+ </field>
+ <field>
+ <name>Reflector Options</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable Reflector</fielddescr>
+ <fieldname>enable_reflector</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will reflect incoming mDNS requests to all local network interfaces,
+ effectively allowing clients to browse mDNS/DNS-SD services on all networks connected to the gateway.<br />
+ (Default: enabled)
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>Reflect IPv</fielddescr>
+ <fieldname>reflect_ipv</fieldname>
+ <description>
+ <![CDATA[
+ If enabled, Avahi will forward mDNS traffic between IPv4 and IPv6, which is usually not recommended.<br />
+ (Default: disabled)
+ ]]>
+ </description>
<type>checkbox</type>
+ <default_value>off</default_value>
</field>
</fields>
<custom_php_resync_config_command>
avahi_sync();
</custom_php_resync_config_command>
<custom_php_install_command>
+ avahi_upgrade_config();
avahi_install();
</custom_php_install_command>
<custom_php_deinstall_command>
avahi_deinstall();
</custom_php_deinstall_command>
+ <custom_php_validation_command>
+ avahi_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
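Review bot: Three of the new help texts carry wording slips that will show up in the GUI. "You can use this is a security measure" (Disable Publishing and Disable User Service Publishing) should read `You can use this as a security measure`, and "Avahi will register will register a service" (Publish Workstation) repeats the verb. The Disable Publishing text also recommends the option as a security measure and warns against using it in the same line; stating what stops working (no records published, querying-only mode, as the first sentence says) would serve an admin better than the bare warning.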
diff --git a/config/backup/backup.inc b/config/backup/backup.inc
index 1a5eeab1..f77b5865 100644
--- a/config/backup/backup.inc
+++ b/config/backup/backup.inc
@@ -47,11 +47,9 @@ function backup_sync_package() {
}
function backup_install_command() {
- conf_mount_rw();
// Create the backup directory
safe_mkdir("/root/backup/");
backup_sync_package();
- conf_mount_ro();
}
?>
diff --git a/config/backup/backup.priv.inc b/config/backup/backup.priv.inc
new file mode 100644
index 00000000..f493deb9
--- /dev/null
+++ b/config/backup/backup.priv.inc
@@ -0,0 +1,39 @@
+<?php
+/*
+ backup.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-backup'] = array();
+$priv_list['page-diagnostics-backup']['name'] = "WebCfg - Diagnostics: Backup package";
+$priv_list['page-diagnostics-backup']['descr'] = "Allow access to Backup package GUI";
+
+$priv_list['page-diagnostics-backup']['match'] = array();
+$priv_list['page-diagnostics-backup']['match'][] = "packages/backup/backup.php*";
+$priv_list['page-diagnostics-backup']['match'][] = "packages/backup/backup_edit.php*";
+
+?>
diff --git a/config/backup/backup.xml b/config/backup/backup.xml
index 18fbb0ed..498f1c24 100644
--- a/config/backup/backup.xml
+++ b/config/backup/backup.xml
@@ -43,7 +43,7 @@
</copyright>
<description>Backup</description>
<name>Backup Settings</name>
- <version>0.1.9</version>
+ <version>0.2.0</version>
<title>Settings</title>
<include_file>/usr/local/pkg/backup.inc</include_file>
<menu>
@@ -66,6 +66,10 @@
<item>https://packages.pfsense.org/packages/config/backup/backup.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/backup/backup.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/packages/backup/</prefix>
<item>https://packages.pfsense.org/packages/config/backup/backup.php</item>
</additional_files_needed>
diff --git a/config/bacula-client/bacula-client.inc b/config/bacula-client/bacula-client.inc
index 07be3067..a251baae 100644
--- a/config/bacula-client/bacula-client.inc
+++ b/config/bacula-client/bacula-client.inc
@@ -44,19 +44,13 @@ function baculaclient_custom_php_install_command() {
}
function baculaclient_custom_php_deinstall_command(){
- conf_mount_rw();
-
// Delete our config file
unlink_if_exists(BACULA_LOCALBASE . "/etc/bacula/bacula-fd.conf");
- // Stop service and delete our rc file
- stop_service("bacula-client");
- unlink_if_exists(BACULA_STARTUP_SCRIPT);
-
- conf_mount_ro();
}
function baculaclient_custom_php_write_config(){
global $config, $LocalDirector;
+ $RemoteDirector = "";
conf_mount_rw();
// Check config_file
@@ -79,21 +73,22 @@ function baculaclient_custom_php_write_config(){
switch ($bc['type']) {
case "Director":
$baculaclient_conf .= "Director { \n\tName = {$bc['director']}-dir #{$bc['description']}\n\tPassword = \"{$bc['password']}\"\n}\n";
+ $RemoteDirector = $bc['director'];
break;
case "Monitor":
$baculaclient_conf .= "Director { \n\tName = {$bc['director']}-mon #{$bc['description']}\n\tPassword = \"{$bc['password']}\"\n\tMonitor = yes\n}\n";
break;
case "Local":
- $baculaclient_conf .= "Director { \n\tName = {$bc['director']}-dir #{$bc['description']}\n\tPassword = \"{$bc['password']}\"\n}\n";
- $baculaclient_conf .= "Director { \n\tName = {$bc['director']}-mon #{$bc['description']}\n\tPassword = \"{$bc['password']}\"\n\tMonitor = yes\n}\n";
+ $baculaclient_conf .= "Director { \n\tName = {$bc['director']}-fd #{$bc['description']}\n\tPassword = \"{$bc['password']}\"\n}\n";
$LocalDirector = $bc['director'];
}
}
- // Create Messages
- if (!empty($LocalDirector)) {
- $baculaclient_conf .= "Messages { \n\tName = Standard \n\tdirector = {$LocalDirector}-dir = all, !skipped, !restored\n}\n";
+ // Create Messages.
+ // Messages should be sent to the master Director
+ if (!empty($RemoteDirector)) {
+ $baculaclient_conf .= "Messages { \n\tName = Standard #send messages here\n\tdirector = {$RemoteDirector}-dir = all, !skipped, !restored\n}\n";
}
// Create FileDaemon
if (is_array($config['installedpackages']['baculaclientfd']['config'])) {
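Review bot: The rewritten `Local` case, like the two cases above it, interpolates `$bc['director']`, `$bc['description']` and `$bc['password']` straight into bacula-fd.conf, so a double quote in the password or a line break in the description ends the token early and the remainder is parsed as configuration. Whether these fields are validated on save is not visible in this hunk; if they are not, reject such values before writing, e.g. `if (preg_match('/["\r\n]/', $bc['director'] . $bc['description'] . $bc['password'])) { continue; }` together with a logged error. Separately, `$RemoteDirector` keeps only the last `Director` entry and the `Messages` resource is omitted when there is none, which deserves a comment next to the assignment. The function body starts and ends outside the hunk.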
@@ -101,7 +96,7 @@ function baculaclient_custom_php_write_config(){
$jobs = $config['installedpackages']['baculaclientfd']['config'][0]['jobs'] ?: '20';
}
if (!empty($LocalDirector)) {
- $baculaclient_conf .= "FileDaemon { \n\tName = {$LocalDirector}-fd #\n\tFDport = {$port}\n\tWorkingDirectory = /var/db/bacula\n\tPid Directory = /var/run\n\tMaximum Concurrent Jobs = {$jobs}\n}\n";
+ $baculaclient_conf .= "FileDaemon { \n\tName = {$LocalDirector}-fd #this is the local pfSense Director\n\tFDport = {$port}\n\tWorkingDirectory = /var/db/bacula\n\tPid Directory = /var/run\n\tMaximum Concurrent Jobs = {$jobs}\n}\n";
}
// Write config file and start service
diff --git a/config/bacula-client/bacula-client.priv.inc b/config/bacula-client/bacula-client.priv.inc
new file mode 100644
index 00000000..815768f0
--- /dev/null
+++ b/config/bacula-client/bacula-client.priv.inc
@@ -0,0 +1,41 @@
+<?php
+/*
+ bacula-client.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-bacula-client'] = array();
+$priv_list['page-services-bacula-client']['name'] = "WebCfg - Services: bacula-client package";
+$priv_list['page-services-bacula-client']['descr'] = "Allow access to bacula-client package GUI";
+
+$priv_list['page-services-bacula-client']['match'] = array();
+$priv_list['page-services-bacula-client']['match'][] = "pkg.php?xml=bacula-client.xml*";
+$priv_list['page-services-bacula-client']['match'][] = "pkg_edit.php?xml=bacula-client.xml*";
+$priv_list['page-services-bacula-client']['match'][] = "pkg_edit.php?xml=bacula-client_fd.xml*";
+$priv_list['page-services-bacula-client']['match'][] = "bacula-client_view_config.php*";
+
+?>
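Review bot: The `bacula-client_view_config.php*` match lets anyone holding this privilege read bacula-fd.conf, which the package writes with each Director's `Password = "..."` in clear text. The `descr` only says "Allow access to bacula-client package GUI", so an admin delegating it has no hint that it discloses those secrets. Either spell that out, e.g. `"Allow access to bacula-client package GUI (including the generated config with Director passwords)"`, or move the config viewer into a privilege of its own.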
diff --git a/config/bacula-client/bacula-client.xml b/config/bacula-client/bacula-client.xml
index ce07e77e..6f2f3424 100644
--- a/config/bacula-client/bacula-client.xml
+++ b/config/bacula-client/bacula-client.xml
@@ -44,7 +44,7 @@
</copyright>
<requirements>Bacula Server Installed on your network.</requirements>
<name>baculaclient</name>
- <version>1.0.8</version>
+ <version>1.0.12</version>
<title>Bacula Client: Settings</title>
<aftersaveredirect>/pkg.php?xml=bacula-client.xml</aftersaveredirect>
<include_file>/usr/local/pkg/bacula-client.inc</include_file>
@@ -54,6 +54,10 @@
<item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/bacula-client/bacula-client_fd.xml</item>
</additional_files_needed>
@@ -150,7 +154,13 @@
<custom_php_install_command>
baculaclient_custom_php_install_command();
</custom_php_install_command>
+ <custom_php_deinstall_command>
+ baculaclient_custom_php_deinstall_command();
+ </custom_php_deinstall_command>
<custom_php_resync_config_command>
baculaclient_custom_php_write_config();
</custom_php_resync_config_command>
+ <custom_delete_php_command>
+ baculaclient_custom_php_write_config();
+ </custom_delete_php_command>
</packagegui>
diff --git a/config/bacula-client/bacula-client_view_config.php b/config/bacula-client/bacula-client_view_config.php
index c10a0cda..dacdc98c 100644
--- a/config/bacula-client/bacula-client_view_config.php
+++ b/config/bacula-client/bacula-client_view_config.php
@@ -29,7 +29,7 @@
*/
require("guiconfig.inc");
-$$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version == "2.1" || $pf_version == "2.2") {
define('BACULA_LOCALBASE', '/usr/pbi/bacula-' . php_uname("m"));
} else {
@@ -62,12 +62,10 @@ include("head.inc");
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td class="tabcont">
- <textarea id="varnishlogs" rows="50" cols="87%">
- <?php
+ <textarea rows="50" cols="87%"><?php
$config_file = file_get_contents(BACULA_LOCALBASE."/etc/bacula/bacula-fd.conf");
echo $config_file;
- ?>
- </textarea>
+ ?></textarea>
</td></tr>
</table>
</div>
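Review bot: `echo $config_file;` prints the file into the `<textarea>` unescaped, so a director name or description containing `</textarea>` or other markup is rendered as HTML in the viewing admin's browser. Use `echo htmlspecialchars($config_file);` here. `file_get_contents()` also returns false when bacula-fd.conf has not been written yet, which is worth handling with a short message rather than an empty box.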
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc
index 9364cbbc..d7973433 100644
--- a/config/bandwidthd/bandwidthd.inc
+++ b/config/bandwidthd/bandwidthd.inc
@@ -45,13 +45,10 @@ switch ($pfs_version) {
}
function bandwidthd_install_deinstall() {
- conf_mount_rw();
- stop_service("bandwidthd");
mwexec("/bin/rm -rf " . PKG_BANDWIDTHD_BASE . "/htdocs");
mwexec("/bin/rm -f /usr/local/www/bandwidthd");
// Remove the cron job, if it is there
install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", false);
- conf_mount_ro();
}
function bandwidthd_install_config() {
@@ -81,6 +78,17 @@ function bandwidthd_install_config() {
$subnets .= "subnet " . gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . "/" . get_interface_subnet($iface) . "\n";
}
}
+
+ /* Configure extra stats subnet(s) */
+ $subnets_extra = explode(';', str_replace(' ', '', $bandwidthd_config['subnets_extra']));
+ if (is_array($subnets_extra)) {
+ foreach ($subnets_extra as $sn) {
+ if (!empty($sn) && is_subnetv4($sn)) {
+ $subnets .= "subnet {$sn}\n";
+ }
+ }
+ }
+
$promiscuous_val = ($bandwidthd_config['promiscuous'] != "" ? "promiscuous true" : "promiscuous false");
$sensor_id_string_val = ($bandwidthd_config['sensorid'] != "" ? "sensor_id \"{$bandwidthd_config['sensorid']}\"" : "");
@@ -105,7 +113,7 @@ function bandwidthd_install_config() {
/* Advanced Filter */
if ($bandwidthd_config['advfilter']) {
- $filter_text_val = "filter " . escapeshellarg(base64_decode($bandwidthd_config['advfilter']));
+ $filter_text_val = 'filter "' . base64_decode($bandwidthd_config['advfilter']) . '"';
} else {
$filter_text_val = "";
}
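Review bot: With `escapeshellarg()` gone, the decoded `advfilter` text goes into bandwidthd.conf between double quotes with nothing checking its contents, so a `"` or a line break in the filter closes the string and what follows is read as further configuration. The matching change in bandwidthd.xml raises the textarea to 5 rows, which makes multi-line input more likely. Validation may exist in `bandwidthd_validate_input()`, but it is not in the visible hunks. Collapse whitespace and refuse quotes before building `$filter_text_val`, e.g. `$filter = preg_replace('/\s+/', ' ', base64_decode($bandwidthd_config['advfilter']));` followed by a check that `strpos($filter, '"') === false`.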
@@ -282,7 +290,7 @@ EOD;
}
/* Cron job for graphs */
- if (($bandwidthd_config['enable']) && ($output_cdf)) {
+ if (($bandwidthd_config['enable']) && ($bandwidthd_config['outputcdf'])) {
// Use cron job to rotate logs every day at 00:01
install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0");
} else {
@@ -379,6 +387,17 @@ function bandwidthd_validate_input($post, &$input_errors) {
} else {
$input_errors[] = "You must select at least on interface under 'Subnet(s) for Statistics Collection'.";
}
+ // Extra subnets
+ if ($post['subnets_extra']) {
+ $subnets_extra = explode(';', str_replace(' ', '', $post['subnets_extra']));
+ if (is_array($subnets_extra)) {
+ foreach ($subnets_extra as $sn) {
+ if (!is_subnetv4($sn)) {
+ $input_errors[] = gettext("'Extra Subnet(s) for Statistics Collection' may only contain valid IPv4 subnet(s).");
+ }
+ }
+ }
+ }
// Only support sane characters in Sensor ID
if ($post['sensorid']) {
if ((!is_hostname($post['sensorid'])) && !preg_match("/^[a-zA-Z0-9\-\=\(\):. ]*$/", $post['sensorid'])) {
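Review bot: The new extra-subnet check disagrees with the writer added to `bandwidthd_install_config()` in the earlier hunk: the writer silently skips empty entries, while this loop reports them as invalid, so a trailing `;` is rejected on save although the generated config would have been fine. It also appends the same message once per bad entry. Using `if ($sn !== '' && !is_subnetv4($sn)) {` and adding `break;` after the `$input_errors[]` line makes the two agree and reports the problem once. The `is_array()` test is redundant in both places because `explode()` on a string always returns an array. The function body continues outside the hunk.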
diff --git a/config/bandwidthd/bandwidthd.priv.inc b/config/bandwidthd/bandwidthd.priv.inc
new file mode 100644
index 00000000..4cde70a9
--- /dev/null
+++ b/config/bandwidthd/bandwidthd.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ bandwidthd.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-bandwidthd-settings'] = array();
+$priv_list['page-diagnostics-bandwidthd-settings']['name'] = "WebCfg - Diagnostics: BandwidthD settings";
+$priv_list['page-diagnostics-bandwidthd-settings']['descr'] = "Allow access to BandwidthD package settings GUI";
+$priv_list['page-diagnostics-bandwidthd-settings']['match'] = array();
+$priv_list['page-diagnostics-bandwidthd-settings']['match'][] = "pkg_edit.php?xml=bandwidthd.xml*";
+
+?>
diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml
index 1668f748..83aaa1e0 100644
--- a/config/bandwidthd/bandwidthd.xml
+++ b/config/bandwidthd/bandwidthd.xml
@@ -44,9 +44,9 @@
]]>
</copyright>
<name>bandwidthd</name>
- <version>0.6</version>
+ <version>0.6.1</version>
<title>Diagnostics: Bandwidthd</title>
- <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&amp;id=0</aftersaveredirect>
+ <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml</aftersaveredirect>
<include_file>/usr/local/pkg/bandwidthd.inc</include_file>
<menu>
<name>BandwidthD</name>
@@ -58,7 +58,7 @@
<name>BandwidthD Settings</name>
<tooltiptext></tooltiptext>
<section>Diagnostics</section>
- <url>/pkg_edit.php?xml=bandwidthd.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=bandwidthd.xml</url>
</menu>
<service>
<name>bandwidthd</name>
@@ -83,6 +83,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/bandwidthd/bandwidthd.priv.inc</item>
+ </additional_files_needed>
<fields>
<field>
<name>General Options</name>
@@ -119,6 +123,20 @@
<required/>
</field>
<field>
+ <fielddescr>Extra Subnet(s) for Statistics Collection</fielddescr>
+ <fieldname>subnets_extra</fieldname>
+ <description>
+ <![CDATA[
+ Specify additional IPv4 subnet(s) in CIDR notation for statistics collection (or leave empty if none).
+ For multiple subnets, separate entries with ';'<br />
+ (Example: 192.168.1.0/24;10.0.0.0/24)<br />
+ <strong>Note: Do NOT specify any local subnets already selected in 'Subnet(s) for Statistics Collection' above!</strong>
+ ]]>
+ </description>
+ <type>input</type>
+ <size>50</size>
+ </field>
+ <field>
<fielddescr>Promiscuous</fielddescr>
<fieldname>promiscuous</fieldname>
<description>
@@ -155,6 +173,7 @@
</description>
<type>checkbox</type>
<default_value>on</default_value>
+ <enablefields>meta_refresh,skipintervals,graphcutoff</enablefields>
</field>
<field>
<fielddescr>Meta Refresh</fielddescr>
@@ -194,6 +213,7 @@
<fieldname>outputcdf</fieldname>
<description>Log data to CDF files log*.cdf</description>
<type>checkbox</type>
+ <enablefields>recovercdf</enablefields>
</field>
<field>
<fielddescr>Recover CDF</fielddescr>
@@ -279,7 +299,7 @@
<type>textarea</type>
<encoding>base64</encoding>
<cols>65</cols>
- <rows>1</rows>
+ <rows>5</rows>
<advancedfield/>
</field>
</fields>
diff --git a/config/bind/bind.inc b/config/bind/bind.inc
index 7b5b773e..39c12e13 100644
--- a/config/bind/bind.inc
+++ b/config/bind/bind.inc
@@ -1,10 +1,11 @@
-<?PHP
-/* $Id$ */
+<?php
/*
bind.inc
- part of the Bind package for pfSense
- Copyright (C) 2013 Juliano Oliveira/Adriano Brancher
- Copyright (C) 2013 Marcello Coutinho
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Juliano Oliveira
+ Copyright (C) 2013 Adriano Brancher
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,15 +28,14 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
*/
$shortcut_section = "bind";
-require_once('globals.inc');
-require_once('config.inc');
-require_once('util.inc');
-require_once('pfsense-utils.inc');
-require_once('pkg-utils.inc');
-require_once('service-utils.inc');
+require_once("globals.inc");
+require_once("config.inc");
+require_once("util.inc");
+require_once("pfsense-utils.inc");
+require_once("pkg-utils.inc");
+require_once("service-utils.inc");
if (!function_exists("filter_configure")) {
require_once("filter.inc");
}
@@ -49,8 +49,8 @@ if ($pf_version == "2.1" || $pf_version == "2.2") {
define('CHROOT_LOCALBASE', '/cf/named');
-function bind_zone_validate($post, &$input_errors)
-{
+function bind_zone_validate($post, &$input_errors) {
+
if (array_key_exists("mail", $_POST)) {
$_POST['mail'] = preg_replace("/@/", ".", $post['mail']);
}
@@ -112,11 +112,11 @@ function bind_zone_validate($post, &$input_errors)
}
}
-function bind_sync()
-{
+function bind_sync() {
+
global $config;
conf_mount_rw();
- //create rndc
+ // Create rndc
$rndc_confgen = "/usr/local/sbin/rndc-confgen";
if (!file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense") && file_exists($rndc_confgen)) {
exec("$rndc_confgen ", $rndc_conf);
@@ -128,8 +128,8 @@ function bind_sync()
}
$rndc_bindconf = "";
$rndc_file = "";
- if (file_exists(BIND_LOCALBASE."/etc/rndc-confgen.pfsense")) {
- $rndc_conf = file(BIND_LOCALBASE."/etc/rndc-confgen.pfsense");
+ if (file_exists(BIND_LOCALBASE . "/etc/rndc-confgen.pfsense")) {
+ $rndc_conf = file(BIND_LOCALBASE . "/etc/rndc-confgen.pfsense");
$confgen = "rndc.conf";
foreach ($rndc_conf as $line) {
if ($confgen == "rndc.conf") {
@@ -143,7 +143,7 @@ function bind_sync()
}
if (preg_match("/named.conf/", $line)) {
$confgen = "named.conf";
- file_put_contents(BIND_LOCALBASE."/etc/rndc.conf", $rndc_file);
+ file_put_contents(BIND_LOCALBASE . "/etc/rndc.conf", $rndc_file);
}
}
}
@@ -152,7 +152,7 @@ function bind_sync()
$bind_enable = $bind['enable_bind'];
$bind_forwarder = $bind['bind_forwarder'];
$forwarder_ips = $bind['bind_forwarder_ips'];
- $ram_limit = ($bind['bind_ram_limit'] ? $bind['bind_ram_limit'] : "256M");
+ $ram_limit = $bind['bind_ram_limit'] ? $bind['bind_ram_limit'] : "256M";
$hide_version = $bind['bind_hide_version'];
$bind_notify = $bind['bind_notify'];
$custom_options = base64_decode($bind['bind_custom_options']);
@@ -162,7 +162,7 @@ function bind_sync()
$bind_conf .= "#Do not edit this file!!!\n\n";
$bind_conf .= "$rndc_bindconf\n";
$bind_conf .= "$bind_global_settings\n";
- // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
+ // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
$bind_conf .= <<<EOD
options {
@@ -172,13 +172,13 @@ options {
max-cache-size {$ram_limit};
EOD;
- // check response rate limit option
+ // Check response rate limit option
//https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
//http://ss.vix.su/~vjs/rl-arm.html
if ($bind['rate_enabled'] == "on") {
- $rate_limit = ($bind['rate_limit'] ? $bind['rate_limit'] : "15");
- $log_only = ($bind['log_only'] == "no" ? "no" : "yes");
- // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
+ $rate_limit = $bind['rate_limit'] ? $bind['rate_limit'] : "15";
+ $log_only = $bind['log_only'] == "no" ? "no" : "yes";
+ // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
$bind_conf .= <<<EOD
rate-limit {
responses-per-second {$rate_limit};
@@ -187,7 +187,7 @@ EOD;
EOD;
}
- //check ips to listen on
+ // Check IPs to listen on
if (preg_match("/All/", $bind['listenon'])) {
$bind_listenonv6 = "any;";
$bind_listenon = "any;";
@@ -200,7 +200,7 @@ EOD;
} elseif (is_ipaddr($listenon)) {
$bind_listenon .= $listenon."; ";
} else {
- $listenon = (pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon)));
+ $listenon = pfSense_get_interface_addresses(convert_friendly_interface_to_real_interface_name($listenon));
if (is_ipaddr($listenon['ipaddr'])) {
$bind_listenon .= $listenon['ipaddr']."; ";
}
@@ -210,15 +210,15 @@ EOD;
}
}
}
- $bind_listenonv6 = ($bind_listenonv6 == "" ? "none;" : $bind_listenonv6);
- $bind_listenon = ($bind_listenon == "" ? "none;" : $bind_listenon);
- // print "<PRE>$bind_listenonv6 $bind_listenon";
+ $bind_listenonv6 = $bind_listenonv6 == "" ? "none;" : $bind_listenonv6;
+ $bind_listenon = $bind_listenon == "" ? "none;" : $bind_listenon;
+ // Print "<pre>$bind_listenonv6 $bind_listenon";
if (array_key_exists("ipv6allow", $config['system'])) {
$bind_conf .= "\tlisten-on-v6 { $bind_listenonv6 };\n";
}
$bind_conf .= "\tlisten-on { $bind_listenon };\n";
- // forwarder config
+ // Forwarder config
if ($bind_forwarder == 'on') {
$bind_conf .= "\tforwarders { $forwarder_ips };\n";
}
@@ -249,9 +249,9 @@ EOD;
system("/usr/bin/killall -HUP syslogd");
}
$log_categories = explode(",", $bind['log_options']);
- $log_severity = ($bind['log_severity'] ? $bind['log_severity'] : 'default');
+ $log_severity = $bind['log_severity'] ? $bind['log_severity'] : 'default';
if (sizeof($log_categories) > 0 && $log_categories[0] != "") {
- // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
+ // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
$bind_conf .= <<<EOD
logging {
@@ -286,7 +286,7 @@ EOD;
array("name" => "localhost", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => ""));
$config['installedpackages']['bindacls']['config'][] =
array("name" => "localnets", "description" => "BIND Built-in ACL", "row" => array("value" => "", "description" => ""));
- write_config("Create BIND Built-in ACLs");
+ write_config("Created BIND Built-in ACLs");
}
$bindacls = $config['installedpackages']['bindacls']['config'];
for ($i = 0; $i < sizeof($bindacls); $i++) {
@@ -366,9 +366,7 @@ EOD;
// Ensure zone view folder exists
if ($zonetype != "forward") {
foreach ($zoneviewlist as $zoneview) {
- if (!(is_dir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview"))) {
- mkdir(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", 0755, true);
- }
+ safe_mkdir(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", 0755);
}
}
@@ -422,7 +420,7 @@ EOD;
$bind_conf .= "\t\tallow-update { $zoneallowupdate; };\n";
}
if ($zone['dnssec'] == "on") {
- //https://kb.isc.org/article/AA-00626/
+ // https://kb.isc.org/article/AA-00626/
$bind_conf .= "\n\t\t# look for dnssec keys here:\n";
$bind_conf .= "\t\tkey-directory \"/etc/namedb/keys\";\n\n";
$bind_conf .= "\t\t# publish and activate dnssec keys:\n";
@@ -442,7 +440,7 @@ EOD;
$bind_conf .= "\t\tforwarders { $zoneforwarders; };\n";
break;
case 'redirect':
- $bind_conf .= "\t\t# While using redirect zones,NXDOMAIN Redirection will not override DNSSEC\n";
+ $bind_conf .= "\t\t# While using redirect zones, NXDOMAIN Redirection will not override DNSSEC\n";
$bind_conf .= "\t\t# If the client has requested DNSSEC records (DO=1) and the NXDOMAIN response is signed then no substitution will occur\n";
$bind_conf .= "\t\t# https://kb.isc.org/article/AA-00376/192/BIND-9.9-redirect-zones-for-NXDOMAIN-redirection.html\n";
$bind_conf .= "\t\tallow-query { $zoneallowquery; };\n";
@@ -462,17 +460,17 @@ EOD;
switch ($zonetype) {
case 'master':
case 'redirect':
- // check/update slave dir permission
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype", "bind");
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind");
- $zonetll = ($zone['tll'] ? $zone['tll'] : "43200");
- $zonemail = ($zone['mail'] ? $zone['mail'] : "zonemaster.{$zonename}");
+ // Check/update slave dir permission
+ chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype", "bind");
+ chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", "bind");
+ $zonetll = $zone['tll'] ? $zone['tll'] : "43200";
+ $zonemail = $zone['mail'] ? $zone['mail'] : "zonemaster.{$zonename}";
$zonemail = preg_replace("/@/", ".", $zonemail);
$zoneserial = $zone['serial'];
- $zonerefresh = ($zone['refresh'] ? $zone['refresh'] : "3600");
- $zoneretry = ($zone['retry'] ? $zone['retry'] : "600");
- $zoneexpire = ($zone['expire'] ? $zone['expire'] : "86400");
- $zoneminimum = ($zone['minimum'] ? $zone['minimum'] : "3600");
+ $zonerefresh = $zone['refresh'] ? $zone['refresh'] : "3600";
+ $zoneretry = $zone['retry'] ? $zone['retry'] : "600";
+ $zoneexpire = $zone['expire'] ? $zone['expire'] : "86400";
+ $zoneminimum = $zone['minimum'] ? $zone['minimum'] : "3600";
$zonenameserver = $zone['nameserver'];
$zoneipns = $zone['ipns'];
$zonereverso = $zone['reverso'];
@@ -573,10 +571,10 @@ EOD;
$config['installedpackages']['bindzone']['config'][$x]['resultconfig'] = base64_encode($zone_conf);
$write_config++;
- //check dnssec keys creation for master zones
+ // Check DNSSEC keys creation for master zones
if ($zone['dnssec'] == "on") {
$zone_found = 0;
- foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) {
+ foreach (glob(CHROOT_LOCALBASE . "/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) {
$zone_found++;
}
if ($zone_found == 0) {
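Review bot: The glob pattern `*{$zonename}*key` matches the key files of any zone whose name merely contains `$zonename`, so a parent zone can count a child zone's keys in `$zone_found` and never get keys of its own. dnssec-keygen names its files `K<zone>.+<alg>+<id>.key`, so anchoring the pattern, for example `"/etc/namedb/keys/K{$zonename}.+*.key"`, would limit the match to this zone (confirm how the tool cases the name). The DS-key and key-backup loops in the next two hunks use the same loose pattern, where it could presumably attach or back up another zone's key material under this zone. The enclosing loop starts outside the hunk.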
@@ -596,16 +594,16 @@ EOD;
}
$dnssec_bin = "/usr/local/sbin/dnssec-keygen";
if (file_exists($dnssec_bin) && $key_restored == 0) {
- exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys {$zonename}", $kout);
- exec("{$dnssec_bin} -K ".CHROOT_LOCALBASE."/etc/namedb/keys -fk {$zonename}", $kout);
+ exec("{$dnssec_bin} -K " . CHROOT_LOCALBASE . "/etc/namedb/keys {$zonename}", $kout);
+ exec("{$dnssec_bin} -K " . CHROOT_LOCALBASE . "/etc/namedb/keys -fk {$zonename}", $kout);
foreach ($kout as $filename) {
- chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.key", "bind");
- chown(CHROOT_LOCALBASE."/etc/namedb/keys/{$filename}.private", "bind");
+ chown(CHROOT_LOCALBASE . "/etc/namedb/keys/{$filename}.key", "bind");
+ chown(CHROOT_LOCALBASE . "/etc/namedb/keys/{$filename}.private", "bind");
}
log_error("[bind] DNSSEC keys for {$zonename} created.");
}
}
- // get ds keys
+ // Get DS keys
$dsfromkey = "/usr/local/sbin/dnssec-dsfromkey";
foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*key", GLOB_NOSORT) as $filename) {
$zone_key = file_get_contents($filename);
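Review bot: `$zonename` is interpolated unquoted into both dnssec-keygen `exec()` command lines, so the shell parses whatever characters the zone name contains, and nothing in this hunk shows it being restricted to hostname characters. Quoting the arguments keeps the value a single word whatever the upstream validation does: `exec("{$dnssec_bin} -K " . escapeshellarg(CHROOT_LOCALBASE . "/etc/namedb/keys") . " " . escapeshellarg($zonename), $kout);`, and likewise for the `-fk` call. The named-checkzone `exec()` in the slave branch (hunk `@@ -643,21 +641,21 @@`) builds its command from `$zonename`, `$zonetype` and `$zoneview` in the same way and needs the same quoting. The surrounding block starts outside the hunk.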
@@ -616,10 +614,10 @@ EOD;
}
}
- // save dnssec keys to xml
+ // Save DNSSEC keys to xml
if ($zone['backupkeys'] == "on") {
$dnssec_keys = 0;
- foreach (glob(CHROOT_LOCALBASE."/etc/namedb/keys/*{$zonename}*", GLOB_NOSORT) as $filename) {
+ foreach (glob(CHROOT_LOCALBASE . "/etc/namedb/keys/*{$zonename}*", GLOB_NOSORT) as $filename) {
$file_found = 0;
if (is_array($config['installedpackages']['dnsseckeys']) && is_array($config['installedpackages']['dnsseckeys']['config'])) {
foreach ($config['installedpackages']['dnsseckeys']['config'] as $filer) {
@@ -643,21 +641,21 @@ EOD;
}
break;
case 'slave':
- // check/update slave dir permission
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype", "bind");
- chown(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview", "bind");
+ // Check/update slave dir permission
+ chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype", "bind");
+ chown(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview", "bind");
// check if exists slave zone file
$rsconfig = "";
if ($zone['dnssec'] == "on") {
- if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed")) {
- exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} ".CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed", $slave_file);
+ if (file_exists(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed")) {
+ exec("/usr/local/sbin/named-checkzone -D -f raw -o - {$zonename} " . CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB.signed", $slave_file);
}
} else {
- if (file_exists(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB")) {
- $slave_file = file(CHROOT_LOCALBASE."/etc/namedb/$zonetype/$zoneview/$zonename.DB");
+ if (file_exists(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB")) {
+ $slave_file = file(CHROOT_LOCALBASE . "/etc/namedb/$zonetype/$zoneview/$zonename.DB");
}
}
- // TODO is is_array() the best test to use? is it only checking for existence?
+ // TODO: is is_array() the best test to use? Is it only checking for existence?
if (is_array($slave_file)) {
foreach ($slave_file as $zfile) {
$rsconfig .= $zfile;
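Review bot: `$slave_file` is not reset anywhere in the visible `slave` case, and `exec()` appends to an existing output array instead of replacing it. Assuming this case runs once per zone in a loop that starts outside the hunk, a zone whose `.DB` file is missing would inherit the previous zone's lines, and DNSSEC slave zones would accumulate every earlier zone's dump in `resultconfig`. Initialising it next to `$rsconfig = "";` with `$slave_file = array();` fixes both. It also settles the TODO, since `is_array()` would then always be true and the loop would simply run zero times.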
@@ -667,7 +665,7 @@ EOD;
$write_config++;
break;
case 'forward':
- // forwarder zone does not have a DB file
+ // Forwarder zone does not have a DB file
$config['installedpackages']['bindzone']['config'][$x]['resultconfig'] = '';
$write_config++;
break;
@@ -683,18 +681,16 @@ EOD;
$bind_conf .= "\t};\n\n";
}
if ($write_config > 0) {
- write_config("save result config file for zone on xml");
+ write_config("BIND: Saved resulting config file for zone in xml");
}
$bind_conf .= "};\n";
}
$dirs = array("/etc/namedb/keys", "/var/run/named", "/var/dump", "/var/log", "/var/stats", "/dev");
foreach ($dirs as $dir) {
- if (!is_dir(CHROOT_LOCALBASE.$dir)) {
- mkdir(CHROOT_LOCALBASE.$dir, 0755, true);
- }
+ safe_mkdir(CHROOT_LOCALBASE . $dir, 0755);
}
- // dev dirs for chroot
- $bind_dev_dir = CHROOT_LOCALBASE."/dev";
+ // Handle /dev dirs for chroot
+ $bind_dev_dir = CHROOT_LOCALBASE . "/dev";
if (!file_exists("$bind_dev_dir/random")) {
$dev_dirs = array("null", "zero", "random", "urandom");
exec("/sbin/mount -t devfs devfs {$bind_dev_dir}", $dout);
@@ -706,41 +702,40 @@ EOD;
exec("/sbin/devfs -m {$bind_dev_dir} rule applyset", $dout);
}
// http://www.unixwiz.net/techtips/bind9-chroot.html
- file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/named.conf', $bind_conf);
- file_put_contents(CHROOT_LOCALBASE.'/etc/namedb/rndc.conf', $rndc_file);
+ file_put_contents(CHROOT_LOCALBASE . '/etc/namedb/named.conf', $bind_conf);
+ file_put_contents(CHROOT_LOCALBASE . '/etc/namedb/rndc.conf', $rndc_file);
- if (!file_exists(CHROOT_LOCALBASE."/etc/namedb/named.root")) {
+ if (!file_exists(CHROOT_LOCALBASE . "/etc/namedb/named.root")) {
// dig +tcp @a.root-servers.net > CHROOT_LOCALBASE."/etc/namedb/named.root"
$named_root = file_get_contents("http://www.internic.net/domain/named.root");
- file_put_contents(CHROOT_LOCALBASE."/etc/namedb/named.root", $named_root, LOCK_EX);
+ file_put_contents(CHROOT_LOCALBASE . "/etc/namedb/named.root", $named_root, LOCK_EX);
}
if (!file_exists(CHROOT_LOCALBASE."/etc/localtime")) {
- copy("/etc/localtime", CHROOT_LOCALBASE."/etc/localtime");
+ copy("/etc/localtime", CHROOT_LOCALBASE . "/etc/localtime");
}
bind_write_rcfile();
- chown(CHROOT_LOCALBASE."/etc/namedb/keys", "bind");
- chown(CHROOT_LOCALBASE."/etc/namedb", "bind");
- chown(CHROOT_LOCALBASE."/var/log", "bind");
- chown(CHROOT_LOCALBASE."/var/run/named", "bind");
- chgrp(CHROOT_LOCALBASE."/var/log", "bind");
+ chown(CHROOT_LOCALBASE . "/etc/namedb/keys", "bind");
+ chown(CHROOT_LOCALBASE . "/etc/namedb", "bind");
+ chown(CHROOT_LOCALBASE . "/var/log", "bind");
+ chown(CHROOT_LOCALBASE . "/var/run/named", "bind");
+ chgrp(CHROOT_LOCALBASE . "/var/log", "bind");
$bind_sh = "/usr/local/etc/rc.d/named.sh";
if ($bind_enable == "on") {
chmod($bind_sh, 0755);
- mwexec("{$bind_sh} restart");
+ restart_service("named");
} elseif (is_service_running('named')) {
- mwexec("{$bind_sh} stop");
+ stop_service("named");
chmod($bind_sh, 0644);
}
- // sync to backup servers
+ // Sync to backup servers
bind_sync_on_changes();
conf_mount_ro();
}
-function bind_print_javascript_type_zone()
-{
+function bind_print_javascript_type_zone() {
?>
- <script language="JavaScript">
+ <script type="text/javascript">
<!--
function on_type_zone_changed() {
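Review bot: The root hints are fetched with `file_get_contents("http://www.internic.net/domain/named.root")` over cleartext HTTP and written without checking the result. The content is therefore not authenticated in transit, although it decides which root servers the resolver is primed from. A failed download also writes an empty `named.root`, which the `file_exists()` guard then never refreshes. Fetch from `https://www.internic.net/domain/named.root` and write only on success, e.g. `if ($named_root !== false && $named_root != "") { file_put_contents(...); }`, or ship the hints file with the package. bind_sync() starts outside this hunk.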
@@ -844,35 +839,33 @@ function bind_print_javascript_type_zone()
<?php
}
-function bind_print_javascript_type_zone2()
-{
- print("<script language=\"JavaScript\">on_type_zone_changed();document.iform.resultconfig.disabled = 1;document.iform.dsset.disabled = 1;</script>\n");
+function bind_print_javascript_type_zone2() {
+ print("<script language=\"text/javascript\">on_type_zone_changed(); document.iform.resultconfig.disabled = 1; document.iform.dsset.disabled = 1;</script>\n");
}
-function bind_write_rcfile()
-{
+function bind_write_rcfile() {
global $config;
$bind = $config['installedpackages']['bind']['config'][0];
$ip_version = ($bind['bind_ip_version'] ? $bind['bind_ip_version'] : "");
$rc = array();
$BIND_LOCALBASE = "/usr/local";
$rc['file'] = 'named.sh';
- // curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
+ // Curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
$rc['start'] = <<<EOD
- if [ -z "`ps auxw | grep "[n]amed {$ip_version} -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
+ if [ -z "`/bin/ps auxw | /usr/bin/grep "[n]amed {$ip_version} -c /etc/namedb/named.conf" | /usr/bin/awk '{print $2}'`" ]; then
{$BIND_LOCALBASE}/sbin/named {$ip_version} -c /etc/namedb/named.conf -u bind -t /cf/named/
fi
EOD;
$rc['stop'] = <<<EOD
- killall -9 named 2>/dev/null
+ /usr/bin/killall -9 named 2>/dev/null
sleep 2
EOD;
// curly braces in the following <<<EOD are PHP {$variable}, not named.conf text { value; }
$rc['restart'] = <<<EOD
- if [ -z "`ps auxw | grep "[n]amed {$ip_version} -c /etc/namedb/named.conf"|awk '{print $2}'`" ];then
+ if [ -z "`/bin/ps auxw | /usr/bin/grep "[n]amed {$ip_version} -c /etc/namedb/named.conf" | /usr/bin/awk '{print $2}'`" ]; then
{$BIND_LOCALBASE}/sbin/named {$ip_version} -c /etc/namedb/named.conf -u bind -t /cf/named/
else
- killall -9 named 2>/dev/null
+ /usr/bin/killall -9 named 2>/dev/null
sleep 3
{$BIND_LOCALBASE}/sbin/named {$ip_version} -c /etc/namedb/named.conf -u bind -t /cf/named/
fi
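Review bot: In `bind_print_javascript_type_zone2()` the attribute became `language=\"text/javascript\"`, which is a MIME type placed in the wrong attribute. The sibling function in the previous hunk was changed to `type="text/javascript"`, and this line should read `<script type=\"text/javascript\">` as well. As a style point, the comment above `$rc['restart']` still reads `// curly braces ...` in lower case while the one above `$rc['start']` was capitalised. bind_write_rcfile() continues past the end of the hunk.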
@@ -896,7 +889,7 @@ function bind_sync_on_changes()
if (is_array($bind_sync['row'])) {
$rs = $bind_sync['row'];
} else {
- log_error("[bind] xmlrpc sync is enabled but there is no hosts to push on bind config.");
+ log_error("[bind] XMLRPC sync is enabled but there are no hosts to push on BIND config.");
return;
}
break;
@@ -907,7 +900,7 @@ function bind_sync_on_changes()
$rs[0]['username'] = $hasync['username'];
$rs[0]['password'] = $hasync['password'];
} else {
- log_error("[bind] xmlrpc sync is enabled but there is no system backup hosts to push bind config.");
+ log_error("[bind] XMLRPC sync is enabled but there are no system backup hosts to push BIND config.");
return;
}
break;
@@ -916,7 +909,7 @@ function bind_sync_on_changes()
break;
}
if (is_array($rs)) {
- log_error("[bind] xmlrpc sync is starting.");
+ log_error("[bind] XMLRPC sync is starting.");
foreach ($rs as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
@@ -929,7 +922,7 @@ function bind_sync_on_changes()
bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $master_zone_ip);
}
}
- log_error("[bind] xmlrpc sync is ending.");
+ log_error("[bind] XMLRPC sync is ending.");
}
}
}
@@ -955,14 +948,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
$synctimeout = 25;
}
-
$xmlrpc_sync_neighbor = $sync_to_ip;
if ($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
}
$port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
+ /* If port is empty let's rely on the protocol selection */
if ($port == "") {
if ($config['system']['webgui']['protocol'] == "http") {
$port = "80";
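Review bot: `$synchronizetoip` is assigned only inside the `if ($config['system']['webgui']['protocol'] != "")` branch, so with an empty protocol the `.=` in the next hunk builds a URL with no scheme. The scheme also simply mirrors the local GUI setting, so when that is `http` the sync password and the `pfsense.exec_php` payload sent further down cross the network unencrypted. Setting the scheme explicitly, e.g. `$synchronizetoip = ($config['system']['webgui']['protocol'] == "http" ? "http" : "https") . "://";`, removes the undefined case. A `log_error()` warning whenever sync runs over `http` would make the cleartext case visible to the operator. The port fallback's other branch and the rest of the function are outside this hunk.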
@@ -972,7 +964,7 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
}
$synchronizetoip .= $sync_to_ip;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync */
$xml = array();
$xml['bind'] = $config['installedpackages']['bind'];
$xml['bindacls'] = $config['installedpackages']['bindacls'];
@@ -981,7 +973,7 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
if (is_array($config['installedpackages']['dnsseckeys'])) {
$xml['dnsseckeys'] = $config['installedpackages']['dnsseckeys'];
}
- //change master zone to slave on backup servers
+ // Change master zone to slave on backup servers
if (is_array($xml['bindzone']["config"])) {
for ($x = 0; $x < sizeof($xml['bindzone']["config"]); $x++) {
if ($xml['bindzone']["config"][$x]['type'] == "master") {
@@ -991,13 +983,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
}
}
- /* assemble xmlrpc payload */
+ /* Assemble XMLRPC payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($xml)
);
- /* set a few variables needed for sync code borrowed from filter.inc */
+ /* Set a few variables needed for sync code borrowed from filter.inc */
$url = $synchronizetoip;
log_error("[bind] Beginning bind XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
@@ -1007,10 +999,10 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
if ($g['debug']) {
$cli->setDebug(1);
}
- /* send our XMLRPC message and timeout after defined sync timeout value*/
+ /* Send our XMLRPC message and timeout after defined sync timeout value */
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port}.";
+ $error = "A communication error occurred while attempting BIND XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "bind Settings Sync", "");
} elseif ($resp->faultCode()) {
@@ -1023,11 +1015,11 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
log_error("[bind] XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell bind to reload our settings on the destination sync host. */
+ /* Tell bind to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
$execcmd = "require_once('/usr/local/pkg/bind.inc');\n";
$execcmd .= "bind_sync('yes');";
- /* assemble xmlrpc payload */
+ /* Assemble XMLRPC payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
@@ -1039,13 +1031,13 @@ function bind_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout, $m
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting BIND XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ $error = "A communication error occurred while attempting BIND XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "Bind Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[Bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code ".$resp->faultCode().": ".$resp->faultString();
+ $error = "[bind] An error code was received while attempting BIND XMLRPC sync with {$url}:{$port} - Code ".$resp->faultCode().": ".$resp->faultString();
log_error($error);
file_notice("sync_settings", $error, "bind Settings Sync", "");
} else {
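Review bot: In the `faultCode()` branch the request is sent a second time after `$cli->setDebug(1)`, and that request carries `XML_RPC_encode($password)` plus the credentials set on the client. The debug dump may therefore expose them wherever that output ends up; what `setDebug` prints is not visible here, so confirm. The re-send also asks the peer to run the `pfsense.exec_php` payload again. Its result is used unchecked, so a failed second `send()` leads to `$resp->faultCode()` being called on a non-object. Build `$error` from the first response and drop the `setDebug(1)`/`send()` pair. The first sync request earlier in the function (hunk `@@ -1007,10 +999,10 @@`) may follow the same pattern, but its fault branch is cut off there.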
diff --git a/config/bind/bind.widget.php b/config/bind/bind.widget.php
index 1e8c0cc8..deae7ba6 100644
--- a/config/bind/bind.widget.php
+++ b/config/bind/bind.widget.php
@@ -1,28 +1,31 @@
<?php
/*
- Copyright 2013 Marcello Coutinho
- Part of bind package for pfSense(www.pfsense.org)
+ bind.widget.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
@require_once("guiconfig.inc");
@require_once("pfsense-utils.inc");
@@ -33,27 +36,22 @@ if ($uname['machine'] == 'amd64') {
ini_set('memory_limit', '250M');
}
-function open_table()
-{
+function open_table() {
echo "<table style=\"padding-top:0px; padding-bottom:0px; padding-left:0px; padding-right:0px\" width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
- echo " <tr>";
+ echo "<tr>";
}
-function close_table()
-{
- echo " </tr>";
+function close_table() {
+ echo "</tr>";
echo "</table>";
-
}
$pfb_table = array();
-$img['Sick'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif'>";
-$img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif'>";
-
+$img['Sick'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_down.gif' alt='sick'>";
+$img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_up.gif' alt='healthy'>";
-#var_dump($pfb_table);
-#exit;
?>
+
<div id='bind'><?php
global $config;
$rndc_bin = "/usr/local/sbin/rndc";
@@ -73,6 +71,7 @@ $img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_
?>
<script type="text/javascript">
+ //<![CDATA[
function getstatus_bind() {
var url = "/widgets/widgets/bind.widget.php";
var pars = 'getupdatestatus=yes';
@@ -89,4 +88,5 @@ $img['Healthy'] = "<img src ='/themes/{$g['theme']}/images/icons/icon_interface_
setTimeout('getstatus_postfix()', 5000);
}
getstatus_bind();
+ //]]>
</script>
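Review bot: The refresh timer in this widget calls `getstatus_postfix()` rather than `getstatus_bind()`, presumably a leftover from the postfix widget. The BIND status would then re-poll only if another widget on the same dashboard happens to define that function. The call also passes a string to `setTimeout`, which is evaluated as code; passing the function reference avoids that: `setTimeout(getstatus_bind, 5000);`. The enclosing function starts outside the hunk.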
diff --git a/config/bind/bind.xml b/config/bind/bind.xml
index c24bf351..0f6861fc 100644
--- a/config/bind/bind.xml
+++ b/config/bind/bind.xml
@@ -3,56 +3,50 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- bind.xml
- part of pfSense (http://www.pfSense.com)
- part of the Bind package for pfSense
- Copyright (C) 2013 Juliano Oliveira/Adriano Brancher
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ bind.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Juliano Oliveira
+ Copyright (C) 2013 Adriano Brancher
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+ ]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>bind</name>
- <version>1.0</version>
- <title>Bind: Domain Named Settings</title>
+ <version>0.4.0</version>
+ <title>BIND: DNS Settings</title>
<include_file>/usr/local/pkg/bind.inc</include_file>
<menu>
- <name>BIND Server</name>
+ <name>BIND DNS Server</name>
<tooltiptext>Modify BIND settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=bind.xml</url>
@@ -87,45 +81,36 @@
</tab>
</tabs>
- <!-- Installation -->
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind_views.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind_zones.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind_acls.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/pkg_bind.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/bind/bind.widget.php</item>
</additional_files_needed>
<fields>
@@ -137,16 +122,24 @@
<field>
<fielddescr>Enable BIND</fielddescr>
<fieldname>enable_bind</fieldname>
- <description><![CDATA[Enable BIND DNS server<br>
- Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.]]></description>
+ <description>
+ <![CDATA[
+ Enable BIND DNS server<br />
+ Disable DNS Forwarder and Resolver services on selected interfaces before enabling BIND.
+ ]]>
+ </description>
<type>checkbox</type>
<required/>
</field>
<field>
<fielddescr>IP Version</fielddescr>
<fieldname>bind_ip_version</fieldname>
- <description><![CDATA[Select IP transport version.<br>
- This controls which transports are used when resolving queries.]]></description>
+ <description>
+ <![CDATA[
+ Select IP transport version.<br />
+ This controls which transports are used when resolving queries.
+ ]]>
+ </description>
<type>select</type>
<options>
<option><name>IPv4+IPv6</name><value></value></option>
@@ -157,7 +150,7 @@
<field>
<fielddescr>Listen on</fielddescr>
<fieldname>listenon</fieldname>
- <description><![CDATA[Choose the interfaces on which to enable BIND.]]></description>
+ <description>Choose the interfaces on which to enable BIND.</description>
<type>interfaces_selection</type>
<showlistenall/>
<showvirtualips/>
@@ -178,34 +171,42 @@
<field>
<fielddescr>Limit Memory Use</fielddescr>
<fieldname>bind_ram_limit</fieldname>
- <description>Limits RAM use for DNS server, recommend 256M</description>
+ <description>Limits RAM use for DNS server (Recommended: 256M)</description>
<type>input</type>
<size>10</size>
<default_value>256M</default_value>
</field>
<field>
<type>listtopic</type>
- <name>Logging options</name>
+ <name>Logging Options</name>
<fieldname>temp01</fieldname>
</field>
<field>
<fielddescr>Enable Logging</fielddescr>
<fieldname>bind_logging</fieldname>
- <description><![CDATA[Enable BIND logs under Status > System logs, Resolver tab.]]></description>
+ <description>
+ <![CDATA[
+ Enable BIND logs under Status > System logs, Resolver tab.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Logging Serverity</fielddescr>
+ <fielddescr>Logging Severity</fielddescr>
<fieldname>log_severity</fieldname>
- <description><![CDATA[Choose logging level for selected categories.<BR>
- The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace.]]></description>
+ <description>
+ <![CDATA[
+ Choose logging level for selected categories.<br />
+ The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace.
+ ]]>
+ </description>
<type>select</type>
<options>
- <option><name>Critital</name><value>critical</value></option>
+ <option><name>Critical</name><value>critical</value></option>
<option><name>Error</name><value>error</value></option>
<option><name>Warning</name><value>warning</value></option>
<option><name>Notice</name><value>Notice</value></option>
- <option><name>info</name><value>info</value></option>
+ <option><name>Info</name><value>info</value></option>
<option><name>Debug level 1</name><value>debug 1</value></option>
<option><name>Debug level 3</name><value>debug 3</value></option>
<option><name>Debug level 5</name><value>debug 5</value></option>
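Review bot: The severity list still carries `<value>Notice</value>` with a capital N, while every other value in the list is lowercase; the hunk corrects the `Critical` and `Info` display names but leaves this one inconsistent. If bind.inc writes the value straight into the logging channel (not visible here), the emitted keyword would differ in case from the rest; consider `<option><name>Notice</name><value>notice</value></option>`. An existing saved configuration holding `Notice` would then need to be mapped to the new value on upgrade so the selection is not lost.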
@@ -215,27 +216,82 @@
<field>
<fielddescr>Logging Options</fielddescr>
<fieldname>log_options</fieldname>
- <description><![CDATA[Select categories to log.<BR>
- use CTRL+click to select/unselect.]]></description>
+ <description>
+ <![CDATA[
+ Select categories to log.<br />
+ (Use CTRL + click to select/unselect.
+ ]]>
+ </description>
<type>select</type>
<options>
- <option><name>Default-if this is the only category selected, it will log all categories except queries</name><value>default</value></option>
- <option><name>General-Anything that is not classified as any other item in this list defaults to this category</name><value>general</value></option>
- <option><name>Database-The value 'dynamic' means assume the global level defined by either the command line parameter -d or by running rndc trace</name><value>database</value></option>
- <option><name>Security-Approval and denial of requests</name><value>security</value></option>
- <option><name>Config-Configuration file parsing and processing</name><value>config</value></option>
- <option><name>Resolver-Name resolution including recursive lookups</name><value>resolver</value></option>
- <option><name>Xfer-in-Details of zone transfers the server is receiving.</name><value>xfer-in</value></option>
- <option><name>Xfer-out-Details of zone transfers the server is sending.</name><value>xfer-out</value></option>
- <option><name>Notify-Logs all NOTIFY operations.</name><value>notify</value></option>
- <option><name>Client-Processing of client requests</name><value>client</value></option>
- <option><name>Unmatched-No matching view clause or unrecognized class value.</name><value>unmatched</value></option>
- <option><name>Queries-Logs all query transactions</name><value>queries</value></option>
- <option><name>Network-Logs all network operations</name><value>network</value></option>
- <option><name>Update-Logging of all dynamic update (DDNS) transactions</name><value>update</value></option>
- <option><name>Dispatch-Dispatching of incoming packets to the server modules</name><value>dispatch</value></option>
- <option><name>DNSSEC-DNSSEC and TSIG protocol processing</name><value>dnssec</value></option>
- <option><name>lame-servers-Mis-configuration in the delegation of domains discovered by BIND</name><value>lame-servers</value></option>
+ <option>
+ <name>Default - If this is the only category selected, it will log all categories except queries.</name>
+ <value>default</value>
+ </option>
+ <option>
+ <name>General - Anything that is not classified as any other item in this list defaults to this category.</name>
+ <value>general</value>
+ </option>
+ <option>
+ <name>Database - Messages relating to the databases used internally by the name server to store zone and cache data.</name>
+ <value>database</value>
+ </option>
+ <option>
+ <name>Security - Approval and denial of requests.</name>
+ <value>security</value>
+ </option>
+ <option>
+ <name>Config - Configuration file parsing and processing.</name>
+ <value>config</value>
+ </option>
+ <option>
+ <name>Resolver - Name resolution including recursive lookups.</name>
+ <value>resolver</value>
+ </option>
+ <option>
+ <name>Xfer-in - Details of zone transfers the server is receiving.</name>
+ <value>xfer-in</value>
+ </option>
+ <option>
+ <name>Xfer-out - Details of zone transfers the server is sending.</name>
+ <value>xfer-out</value>
+ </option>
+ <option>
+ <name>Notify - Logs all NOTIFY operations.</name>
+ <value>notify</value>
+ </option>
+ <option>
+ <name>Client - Processing of client requests.</name>
+ <value>client</value>
+ </option>
+ <option>
+ <name>Unmatched - No matching view clause or unrecognized class value.</name>
+ <value>unmatched</value>
+ </option>
+ <option>
+ <name>Queries - Logs all query transactions.</name>
+ <value>queries</value>
+ </option>
+ <option>
+ <name>Network - Logs all network operations.</name>
+ <value>network</value>
+ </option>
+ <option>
+ <name>Update - Logging of all dynamic update (DDNS) transactions.</name>
+ <value>update</value>
+ </option>
+ <option>
+ <name>Dispatch - Dispatching of incoming packets to the server modules.</name>
+ <value>dispatch</value>
+ </option>
+ <option>
+ <name>DNSSEC - DNSSEC and TSIG protocol processing.</name>
+ <value>dnssec</value>
+ </option>
+ <option>
+ <name>lame-servers - Misconfiguration in the delegation of domains discovered by BIND.</name>
+ <value>lame-servers</value>
+ </option>
</options>
<multiple/>
<size>18</size>
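Review bot: The rewritten help text for `log_options` opens a parenthesis that is never closed: `(Use CTRL + click to select/unselect.` is shown to the user as-is. Close it, `(Use CTRL + click to select/unselect.)`, or drop the opening parenthesis as in the old wording.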
@@ -248,8 +304,12 @@
<field>
<fielddescr>Rate Limit</fielddescr>
<fieldname>rate_enabled</fieldname>
- <description><![CDATA[<a target=_new href='https://kb.isc.org/article/AA-01000/189/A-Quick-Introduction-to-Response-Rate-Limiting.html?utm_source=isc&utm_medium=website&utm_term=rrl-kb&utm_content=kbarticle&utm_campaign=bind994_release_091913'>
- Limit/rate response queries</a> to prevent DOS attack.]]></description>
+ <description>
+ <![CDATA[
+ See <a href='https://kb.isc.org/article/AA-01000/189/A-Quick-Introduction-to-Response-Rate-Limiting.html'>A Quick Introduction to Response Rate Limiting</a>&nbsp;
+ to prevent DOS attack.
+ ]]>
+ </description>
<type>checkbox</type>
<enablefields>rate_limit,log_only</enablefields>
</field>
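Review bot: The new `rate_enabled` description no longer says what the checkbox does; it now reads "See A Quick Introduction to Response Rate Limiting to prevent DOS attack", which is a pointer to an article rather than a statement of the setting. State the effect first and link second, for example `Enable response rate limiting to mitigate DoS and amplification abuse.<br />` followed by the `See <a ...>` line. The trailing `&nbsp;` before the line break can then go.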
@@ -266,29 +326,30 @@
<field>
<fielddescr>Limit</fielddescr>
<fieldname>rate_limit</fieldname>
- <description>Set rate limit. Default to 15.</description>
+ <description>Set rate limit. (Default: 15)</description>
<type>input</type>
<size>10</size>
</field>
<field>
<type>listtopic</type>
- <name>Forwarder Config</name>
+ <name>Forwarder Configuration</name>
<fieldname>temp01</fieldname>
</field>
<field>
<fielddescr>Enable Forwarding</fielddescr>
<fieldname>bind_forwarder</fieldname>
- <description>Enable forwarding queries to other DNS servers listed below rather than this server
- performing its own recursion.
- </description>
+ <description>Enable forwarding queries to other DNS servers listed below rather than this server performing its own recursion.</description>
<type>checkbox</type>
<enablefields>bind_forwarder_ips</enablefields>
</field>
<field>
<fielddescr>Forwarder IPs</fielddescr>
<fieldname>bind_forwarder_ips</fieldname>
- <description>Enter IPs of DNS servers to use for recursion. Separate by semi-colons (;). Applies
- only if Enable Forwarding is chosen.
+ <description>
+ <![CDATA[
+ Enter IPs of DNS servers to use for recursion. Separate by semi-colons (;).<br />
+ Applies only if Enable Forwarding is chosen.
+ ]]>
</description>
<type>input</type>
<size>80</size>
@@ -302,8 +363,10 @@
<fielddescr>Custom Options</fielddescr>
<fieldname>bind_custom_options</fieldname>
<description>
- <![CDATA[You can put your own custom options here, one per line.<br>
- They'll be added to the configuration. They need to be named.conf native options.]]>
+ <![CDATA[
+ You can put your own custom options here, one per line. They'll be added to the configuration.<br />
+ They need to be <a href="http://www.freebsd.org/cgi/man.cgi?query=named.conf&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE+and+Ports&arch=default&format=html"named.conf</a> native settings.
+ ]]>
</description>
<type>textarea</type>
<cols>65</cols>
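Review bot: The anchor added to the `bind_custom_options` description is malformed: the `href` value is closed with `"` but the tag's own `>` is missing, so `named.conf</a>` is parsed as part of the opening tag and the link text will not render as intended. The line should end `...&format=html">named.conf</a> native settings.`; the identical line in the `bind_global_settings` hunk (`@@ -319,8 +382,10 @@`) needs the same fix. The link is also plain `http://`; an `https://` URL would be preferable for help text shown in a firewall's admin UI.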
@@ -319,8 +382,10 @@
<fielddescr>Global Settings</fielddescr>
<fieldname>bind_global_settings</fieldname>
<description>
- <![CDATA[You can put your own global settings here.<br>
- They'll be added to the configuration. They need to be named.conf native settings.]]>
+ <![CDATA[
+ You can put your own global settings here. They'll be added to the configuration.<br />
+ They need to be <a href="http://www.freebsd.org/cgi/man.cgi?query=named.conf&apropos=0&sektion=0&manpath=FreeBSD+10.1-RELEASE+and+Ports&arch=default&format=html"named.conf</a> native settings.
+ ]]>
</description>
<type>textarea</type>
<cols>65</cols>
@@ -328,21 +393,10 @@
<encoding>base64</encoding>
</field>
</fields>
- <custom_php_after_head_command>
- </custom_php_after_head_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
bind_sync();
</custom_php_resync_config_command>
<custom_php_install_command>
bind_write_rcfile();
</custom_php_install_command>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
- <filter_rules_needed></filter_rules_needed>
</packagegui>
diff --git a/config/bind/bind_acls.xml b/config/bind/bind_acls.xml
index 49794a69..49ca1631 100644
--- a/config/bind/bind_acls.xml
+++ b/config/bind/bind_acls.xml
@@ -1,61 +1,50 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- bind_acls.xml
- part of pfSense (http://www.pfSense.com)
- part of the Bind package for pfSense
- Copyright (C) 2013 Juliano Oliveira/Adriano Brancher
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ bind_acls.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Juliano Oliveira
+ Copyright (C) 2013 Adriano Brancher
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+ ]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>bindacls</name>
- <version>0.1.0</version>
+ <version>0.4.0</version>
<title>BIND: ACLs Settings</title>
<include_file>/usr/local/pkg/bind.inc</include_file>
- <menu>
- <name>BIND Server</name>
- <tooltiptext></tooltiptext>
- <section>Services</section>
- <configfile>bind.xml</configfile>
- </menu>
<tabs>
<tab>
<text>Settings</text>
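Review bot: The rewritten header drops the "Based on m0n0wall" attribution and the `Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>` line, while condition 1 of the license text kept just below requires redistributions to retain the copyright notice. If the file does derive from m0n0wall code, that copyright line should stay in the new block alongside the added ones; if it does not, the commit description should say why the attribution was removed. The same removal appears in the header hunks of bind_views.xml and bind_zones.xml.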
@@ -91,13 +80,11 @@
</columnitem>
<movable>on</movable>
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>ACL Name</fielddescr>
<fieldname>name</fieldname>
- <description>Enter name ACL.</description>
+ <description>Enter name of the ACL.</description>
<type>input</type>
<required/>
</field>
@@ -108,8 +95,8 @@
<type>input</type>
</field>
<field>
- <fielddescr>Enter IP or range block network.</fielddescr>
- <description>Leave blank to allow All</description>
+ <fielddescr>Enter IP or network range block.</fielddescr>
+ <description>Leave blank to allow All.</description>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
@@ -128,10 +115,6 @@
</rowhelper>
</field>
</fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_delete_php_command>
- </custom_delete_php_command>
<custom_php_resync_config_command>
bind_sync();
</custom_php_resync_config_command>
diff --git a/config/bind/bind_sync.xml b/config/bind/bind_sync.xml
index 97fdad81..91d713e3 100644
--- a/config/bind/bind_sync.xml
+++ b/config/bind/bind_sync.xml
@@ -1,49 +1,50 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- bind_sync.xml
- part of the Bind package for pfSense
- Copyright (C) 2013 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
+ bind_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Juliano Oliveira
+ Copyright (C) 2013 Adriano Brancher
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>bindsync</name>
- <version>1.0</version>
- <title>Bind: XMLRPC Sync</title>
+ <version>0.4.0</version>
+ <title>BIND: XMLRPC Sync</title>
<include_file>/usr/local/pkg/bind.inc</include_file>
<tabs>
<tab>
@@ -74,9 +75,9 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync bind configuration changes</fielddescr>
+ <fielddescr>Automatically Sync BIND Configuration Changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for bind.</description>
+ <description>Select a sync method for BIND.</description>
<type>select</type>
<required/>
<default_value>auto</default_value>
@@ -87,7 +88,7 @@
</options>
</field>
<field>
- <fielddescr>Sync timeout</fielddescr>
+ <fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
<description>Select sync max wait time</description>
<type>select</type>
@@ -104,8 +105,12 @@
<field>
<fielddescr>Zone Master IP</fielddescr>
<fieldname>masterip</fieldname>
- <description><![CDATA[Set master zone ip you want to use to sync backup server zones with master.<br>
- <b>All master zones will be configured as backup on slave servers.<b>]]></description>
+ <description>
+ <![CDATA[
+ Set master zone ip you want to use to sync backup server zones with master.<br />
+ <strong>Note: All master zones will be configured as backup on slave servers.</strong>
+ ]]>
+ </description>
<type>input</type>
<size>20</size>
<required/>
@@ -114,15 +119,18 @@
<fielddescr>Remote Server</fielddescr>
<fieldname>none</fieldname>
<type>rowhelper</type>
- <description><![CDATA[<b>Do not forget to:</b><br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Create firewall rules to allow zone transfer between master and slave servers.<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Create a acls with these slave servers.<br>
- &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Include created acl on allow-transfer option on zone config.]]></description>
+ <description><![CDATA[
+ <strong>Do not forget to:</strong><br />
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Create firewall rules to allow zone transfer between master and slave servers.<br />
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Create ACLs with these slave servers.<br />
+ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Include created ACLs on allow-transfer option on zone config.
+ ]]>
+ </description>
<rowhelper>
<rowhelperfield>
<fielddescr>IP Address</fielddescr>
<fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
+ <description>IP Address of remote server.</description>
<type>input</type>
<size>20</size>
</rowhelperfield>
@@ -136,8 +144,4 @@
</rowhelper>
</field>
</fields>
- <custom_php_validation_command>
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- </custom_php_resync_config_command>
</packagegui>
diff --git a/config/bind/bind_views.xml b/config/bind/bind_views.xml
index 7d38f481..29bf9bb3 100644
--- a/config/bind/bind_views.xml
+++ b/config/bind/bind_views.xml
@@ -1,61 +1,50 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- bind_zone.xml
- part of pfSense (http://www.pfSense.com)
- part of the Bind package for pfSense
- Copyright (C) 2013 Juliano Oliveira/Adriano Brancher
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ bind_views.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Juliano Oliveira
+ Copyright (C) 2013 Adriano Brancher
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+ ]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>bindviews</name>
- <version>0.1.0</version>
- <title>Bind: Views Settings</title>
+ <version>0.4.0</version>
+ <title>BIND: Views Settings</title>
<include_file>/usr/local/pkg/bind.inc</include_file>
- <menu>
- <name>BIND Server</name>
- <tooltiptext></tooltiptext>
- <section>Services</section>
- <configfile>bind.xml</configfile>
- </menu>
<tabs>
<tab>
<text>Settings</text>
@@ -108,10 +97,12 @@
<field>
<fielddescr>Recursion</fielddescr>
<fieldname>recursion</fieldname>
- <description>A recursive query occurs when your DNS server is queried for a domain that it
- currently knows nothing about, in which case it will try to resolve the given host by
- performing further queries (eg by starting at the root servers and working out, or by
- simply passing the request to yet another DNS server).
+ <description>
+ <![CDATA[
+ A recursive query occurs when your DNS server is queried for a domain that it currently knows nothing about,&nbsp;
+ in which case it will try to resolve the given host by performing further queries&nbsp;
+ (e.g. by starting at the root servers and working out, or by simply passing the request to yet another DNS server).
+ ]]>
</description>
<type>select</type>
<options>
@@ -120,11 +111,13 @@
</options>
</field>
<field>
- <fielddescr>Match-clients</fielddescr>
+ <fielddescr>match-clients</fielddescr>
<fieldname>match-clients</fieldname>
- <description>If either or both of match-clients are missing they default to any (all hosts
- match). The match-clients statement defines the address_match_list for the source IP
- address of the incoming messages.
+ <description>
+ <![CDATA[
+ If either or both of match-clients are missing they default to any (all hosts match).<br />
+ The match-clients statement defines the address_match_list for the source IP address of the incoming messages.
+ ]]>
</description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source>
@@ -134,10 +127,13 @@
<size>03</size>
</field>
<field>
- <fielddescr>Allow-recursion</fielddescr>
+ <fielddescr>allow-recursion</fielddescr>
<fieldname>allow-recursion</fieldname>
- <description>For example, if you have one DNS server serving your local network, you may want
- all of your local computers to use your DNS server.
+ <description>
+ <![CDATA[
+ For example, if you have one DNS server serving your local network, you may want&nbsp;
+ all of your local computers to use your DNS server.
+ ]]>
</description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source>
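Review bot: The reworded `allow-recursion` description still begins with "For example" and never states what the option controls, so an administrator cannot tell from the help text that the selected ACLs decide which clients receive recursive answers. Open with a sentence such as `Select the ACLs whose clients may send recursive queries to this view.` before the example. What the package emits when nothing is selected is not visible in this hunk; once confirmed, the text should say so, because unrestricted recursion leaves the server usable as an open resolver. The field's definition continues past the end of the hunk.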
@@ -154,18 +150,13 @@
<field>
<fielddescr>Custom Options</fielddescr>
<fieldname>bind_custom_options</fieldname>
- <description>You can put your own custom options here, separated by semi-colons (;).
- </description>
+ <description>You can put your own custom options here, separated by semi-colons (;).</description>
<type>textarea</type>
<cols>65</cols>
<rows>8</rows>
<encoding>base64</encoding>
</field>
</fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_delete_php_command>
- </custom_delete_php_command>
<custom_php_resync_config_command>
bind_sync();
</custom_php_resync_config_command>
diff --git a/config/bind/bind_zones.xml b/config/bind/bind_zones.xml
index c289ddd3..e923cbb4 100644
--- a/config/bind/bind_zones.xml
+++ b/config/bind/bind_zones.xml
@@ -1,61 +1,50 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- bind_zone.xml
- part of pfSense (http://www.pfSense.com)
- part of the Bind package for pfSense
- Copyright (C) 2013 Juliano Oliveira/Adriano Brancher
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ bind_zones.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Juliano Oliveira
+ Copyright (C) 2013 Adriano Brancher
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+ ]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>bindzone</name>
<version>none</version>
<title>BIND: Zones Settings</title>
<include_file>/usr/local/pkg/bind.inc</include_file>
- <menu>
- <name>BIND Server</name>
- <tooltiptext></tooltiptext>
- <section>Services</section>
- <configfile>bind.xml</configfile>
- </menu>
<tabs>
<tab>
<text>Settings</text>
@@ -116,17 +105,21 @@
<fieldname>temp01</fieldname>
</field>
<field>
- <fielddescr>Disable this zone</fielddescr>
+ <fielddescr>Disable This Zone</fielddescr>
<fieldname>disabled</fieldname>
- <description><![CDATA[Do not include this zone in BIND config files.]]></description>
+ <description>Do not include this zone in BIND config files.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Zone Name</fielddescr>
<fieldname>name</fieldname>
- <description><![CDATA[Enter the name for zone (e.g. example.com)<br>
- For reverse zones, include zone IP in reverse order. (e.g. 1.168.192)<br>
- IN-ADDR.ARPA will be automaticaly included in config files when reverse zone option is checked.]]></description>
+ <description>
+ <![CDATA[
+ Enter the name for this zone (e.g. example.com)<br />
+ For reverse zones, include zone IP in reverse order. (e.g. 1.168.192)<br />
+ <strong>Note: IN-ADDR.ARPA will be automaticaly included in config files when reverse zone option is checked.</strong>
+ ]]>
+ </description>
<type>input</type>
<required/>
</field>
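Review bot: `automaticaly` is still misspelled on the rewritten Zone Name note and should read `automatically`. The line was rewritten to add the `<strong>` wrapper, so the spelling can be fixed in the same change.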
@@ -140,7 +133,7 @@
<field>
<fielddescr>Zone Type</fielddescr>
<fieldname>type</fieldname>
- <description><![CDATA[Select zone type.]]></description>
+ <description>Select zone type.</description>
<type>select</type>
<options>
<option><name>Master</name><value>master</value><enablefields>description</enablefields></option>
@@ -154,7 +147,7 @@
<field>
<fielddescr>View</fielddescr>
<fieldname>view</fieldname>
- <description><![CDATA[Select(CTRL+click) views that this zone will belong.]]></description>
+ <description>Select (CTRL+click) the views that this zone will belong to.</description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['bindviews']['config']]]></source>
<source_name>name</source_name>
@@ -165,14 +158,14 @@
<field>
<fielddescr>Reverse Zone</fielddescr>
<fieldname>reverso</fieldname>
- <description>Enable if this is a reverse zone.</description>
+ <description>Check if this is a reverse zone.</description>
<type>checkbox</type>
<enablefields>reversv6o</enablefields>
</field>
<field>
<fielddescr>IPv6 Reverse Zone</fielddescr>
<fieldname>reversv6o</fieldname>
- <description>Enable if this is a IPv6 reverse zone. Reverse Zone must also be enabled.</description>
+ <description>Check if this is an IPv6 reverse zone. Reverse Zone must also be enabled.</description>
<type>checkbox</type>
</field>
<field>
@@ -193,20 +186,28 @@
<fielddescr>Inline Signing</fielddescr>
<fieldname>dnssec</fieldname>
<enablefields>backupkeys</enablefields>
- <description><![CDATA[<a target=_new href='https://kb.isc.org/article/AA-00626/109/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html'>Enable inline DNSSEC signing</a> for this zone.]]></description>
+ <description>
+ <![CDATA[
+ <a href="https://kb.isc.org/article/AA-00626/109/Inline-Signing-in-ISC-BIND-9.9.0-Examples.html">Enable inline DNSSEC signing</a> for this zone.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>backup keys</fielddescr>
+ <fielddescr>Backup Keys</fielddescr>
<fieldname>backupkeys</fieldname>
- <description><![CDATA[Enable this option to include all DNSSEC key files on XML.]]></description>
+ <description>Enable this option to include all DNSSEC key files in XML.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>DSSET</fielddescr>
<fieldname>dsset</fieldname>
- <description><![CDATA[Digest fingerprint of the Key Signing Key for this zone.<br>
- Upload this DSSET to your domain root server.]]></description>
+ <description>
+ <![CDATA[
+ Digest fingerprint of the Key Signing Key for this zone.<br />
+ Upload this DSSET to your domain root server.
+ ]]>
+ </description>
<type>textarea</type>
<cols>75</cols>
<rows>3</rows>
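Review bot: The Backup Keys description says the DNSSEC key files are included "in XML" without saying that this presumably copies the private signing keys into the firewall configuration. If so, they travel with every configuration backup or sync. Suggested wording: `Enable this option to store all DNSSEC key files (including private keys) in the configuration XML. Protect configuration backups accordingly.` What is actually stored should be confirmed against bind.inc, which is not part of this hunk. Separately, the DSSET text says to upload it to "your domain root server", but DS records are normally submitted to the parent zone operator or registrar.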
@@ -220,8 +221,7 @@
<field>
<fielddescr>Master Zone IP</fielddescr>
<fieldname>slaveip</fieldname>
- <description>If this is a slave zone, enter the IP address of the master DNS server.
- </description>
+ <description>If this is a slave zone, enter the IP address of the master DNS server.</description>
<type>input</type>
</field>
<field>
@@ -236,7 +236,6 @@
<type>input</type>
<size>70</size>
</field>
-
<field>
<type>listtopic</type>
<name>Master Zone Configuration</name>
@@ -245,20 +244,23 @@
<field>
<fielddescr>TLL</fielddescr>
<fieldname>tll</fieldname>
- <description>Default expiration time of all resource records without their own TTL value
- </description>
+ <description>Default expiration time of all resource records without their own TTL value.</description>
<type>input</type>
</field>
<field>
<fielddescr>Name Server</fielddescr>
<fieldname>nameserver</fieldname>
- <description>Enter nameserver for this zone</description>
+ <description>Enter nameserver for this zone.</description>
<type>input</type>
</field>
<field>
<fielddescr>Base Domain IP</fielddescr>
<fieldname>ipns</fieldname>
- <description>Enter IP address for base domain lookup. Ex: nslookup mydomain.com</description>
+ <description>
+ <![CDATA[
+ Enter IP address for base domain lookup. (Meaning, what IP should <em>nslookup mydomain.com</em> return.)
+ ]]>
+ </description>
<type>input</type>
</field>
<field>
@@ -270,42 +272,47 @@
<field>
<fielddescr>Serial</fielddescr>
<fieldname>serial</fieldname>
- <description>Parsed value for the slave to update the DNS zone</description>
+ <description>Parsed value for the slave to update the DNS zone.</description>
<type>input</type>
</field>
<field>
<fielddescr>Refresh</fielddescr>
<fieldname>refresh</fieldname>
- <description>Slave refresh (1 day)</description>
+ <description>Slave refresh (Default: 1 day)</description>
<type>input</type>
<default_value>1d</default_value>
</field>
<field>
<fielddescr>Retry</fielddescr>
<fieldname>retry</fieldname>
- <description>Slave retry time in case of a problem (2 hours)</description>
+ <description>Slave retry time in case of a problem (Default: 2 hours)</description>
<type>input</type>
<default_value>2h</default_value>
</field>
<field>
<fielddescr>Expire</fielddescr>
<fieldname>expire</fieldname>
- <description>Slave expiration time (4 weeks)</description>
+ <description>Slave expiration time (Default: 4 weeks)</description>
<type>input</type>
<default_value>4w</default_value>
</field>
<field>
<fielddescr>Minimum</fielddescr>
<fieldname>minimum</fieldname>
- <description>Maximum caching time in case of failed lookups (1 hour)</description>
+ <description>Maximum caching time in case of failed lookups (Default: 1 hour)</description>
<type>input</type>
<default_value>1h</default_value>
</field>
<field>
- <fielddescr>Allow-update</fielddescr>
+ <fielddescr>allow-update</fielddescr>
<fieldname>allowupdate</fieldname>
- <description><![CDATA[Select(CTRL+click) who are allowed to send updates to this zone.<br>
- Allow-update defines a match list eg IP address(es) that are allowed to submit dynamic updates for 'master' zones, ie it enables Dynamic DNS (DDNS).]]></description>
+ <description>
+ <![CDATA[
+ Select(CTRL+click) who is allowed to send updates to this zone.<br />
+ The allow-update statement defines a match list of IP address(es) that are allowed&nbsp;
+ to submit dynamic updates for 'master' zones - i.e., it enables Dynamic DNS (DDNS).
+ ]]>
+ </description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source>
<source_name>name</source_name>
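Review bot: The new allow-update text describes address-based dynamic updates without noting that a source address alone is weak authentication for DDNS. BIND's own documentation describes IP-based update ACLs as insecure and points to key-based updates instead. Consider appending `Where possible, prefer TSIG keys via update-policy over address-based ACLs.` to the description. Also, `Select(CTRL+click)` lacks the space that the allow-query and allow-transfer descriptions in this same commit use.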
@@ -314,26 +321,38 @@
<size>03</size>
</field>
<field>
- <fielddescr>Enable Update-policy</fielddescr>
+ <fielddescr>Enable update-policy</fielddescr>
<fieldname>enable_updatepolicy</fieldname>
- <description><![CDATA[Enable Update-policy which overrides Allow-update.<br>
- The update-policy statement replaces the allow-update statement.]]></description>
+ <description>
+ <![CDATA[
+ Enable update-policy which overrides allow-update.<br />
+ The update-policy statement replaces the allow-update statement.
+ ]]>
+ </description>
<type>checkbox</type>
<enablefields>updatepolicy</enablefields>
</field>
<field>
- <fielddescr>Update-policy</fielddescr>
+ <fielddescr>update-policy</fielddescr>
<fieldname>updatepolicy</fieldname>
- <description><![CDATA[Update-policy defines the policy for submitting dynamic updates to 'master' zones.<br>
- Do not include the surrounding { } when using multiple statements]]></description>
+ <description>
+ <![CDATA[
+ The update-policy statement defines the policy for submitting dynamic updates to 'master' zones.<br />
+ <strong>Note: Do NOT include the surrounding { } when using multiple statements!</strong>
+ ]]>
+ </description>
<type>input</type>
<size>75</size>
</field>
<field>
- <fielddescr>Allow-query</fielddescr>
+ <fielddescr>allow-query</fielddescr>
<fieldname>allowquery</fieldname>
- <description><![CDATA[Select(CTRL+click) who are allowed to query this zone.<br>
- Allow-query defines an match list of IP address(es) which are allowed to issue queries to the server.]]></description>
+ <description>
+ <![CDATA[
+ Select (CTRL+click) who is allowed to query this zone.<br />
+ The allow-query statement defines a match list of IP address(es) which are allowed to issue queries to the server.
+ ]]>
+ </description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source>
<source_name>name</source_name>
@@ -342,10 +361,20 @@
<size>03</size>
</field>
<field>
- <fielddescr>Allow-transfer</fielddescr>
+ <fielddescr>allow-transfer</fielddescr>
<fieldname>allowtransfer</fieldname>
- <description><![CDATA[Select(CTRL+click) who are allowed to copy this zone.<br>
- Allow-transfer defines a match list eg IP address(es) that are allowed to transfer (copy) the zone information from the server (master or slave for the zone). While on its face this may seem an excessively friendly default, DNS data is essentially public (that's why its there) and the bad guys can get all of it anyway. However if the thought of anyone being able to transfer your precious zone file is repugnant, or (and this is far more significant) you are concerned about possible DoS attack initiated by XFER requests, then use the following policy.]]></description>
+ <description>
+ <![CDATA[
+ Select (CTRL+click) who is allowed to copy this zone.<br />
+ The allow-transfer statement defines a match list of IP address(es) that are allowed to transfer&nbsp;
+ (copy) the zone information from the server (master or slave for the zone). While on its face this may&nbsp;
+ seem an excessively friendly default, DNS data is essentially public (that's why its there) and the bad guys&nbsp;
+ can get all of it anyway.<br /><br />
+ However, if the thought of anyone being able to transfer your precious zone file is repugnant, or&nbsp;
+ (and this is far more significant) you are concerned about possible DoS attack initiated by XFER requests,&nbsp;
+ then you should use the following policy.
+ ]]>
+ </description>
<type>select_source</type>
<source><![CDATA[$config['installedpackages']['bindacls']['config']]]></source>
<source_name>name</source_name>
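Review bot: The allow-transfer description still tells administrators that zone data is public and that "the bad guys can get all of it anyway", and it ends with "use the following policy" although no policy follows. A full transfer returns every name in the zone in one request, which individual queries do not, so an open transfer ACL makes the zone trivially listable. The help text should recommend restricting transfers, e.g. `Restrict this to the ACL containing your slave servers; leaving it open lets anyone list every record in the zone.` `its there` should also read `it's there`.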
@@ -359,26 +388,30 @@
<fieldname>temp02</fieldname>
</field>
<field>
- <fielddescr>Enter Domain records.</fielddescr>
- <description><![CDATA[<b>"Record"</b> is the name or last octet of IP. Example: www or pop<br>
- <b>"Type"</b> is the type of the record Sample: A CNAME MX NS<br>
- <b>"Priority"</b> in used only in mx records to define its priority<br>
- <b>"Alias or IP address"</b> is the destination host or ip address.<br><br>
- You can order elements on this list with drag and drop between columns.]]></description>
+ <fielddescr>Enter Domain Records</fielddescr>
+ <description>
+ <![CDATA[
+ <strong>"Record"</strong> is the name or last octet of an IP. (Example: www, pop, smtp)<br />
+ <strong>"Type"</strong> is the type of the record. (Example: A, CNAME, MX, NS)<br />
+ <strong>"Priority"</strong> is used only in MX records to define their priority.<br />
+ <strong>"Alias or IP address"</strong> is the destination host or IP address.<br /><br />
+ Note: You can order the elements on this list with drag and drop.
+ ]]>
+ </description>
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
<fielddescr>Record</fielddescr>
<fieldname>hostname</fieldname>
- <description>Enter the Host Name (ex: www)</description>
+ <description>Enter the Host Name (Example: www)</description>
<type>input</type>
<size>10</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Type</fielddescr>
<fieldname>hosttype</fieldname>
- <description>Select Type Host</description>
+ <description>Select record type for this host.</description>
<type>select</type>
<options>
<option><name>A</name><value>A</value></option>
@@ -397,15 +430,14 @@
<rowhelperfield>
<fielddescr>Priority</fielddescr>
<fieldname>hostvalue</fieldname>
- <description>MX 10 or 20</description>
+ <description>Priority for MX record. (Example: 10 or 20)</description>
<type>input</type>
<size>3</size>
</rowhelperfield>
<rowhelperfield>
<fielddescr>Alias or IP address</fielddescr>
<fieldname>hostdst</fieldname>
- <description>Enter the IP address or FQDN destination for domain MX (ex: 10.31.11.1 or mail.example.com)
- </description>
+ <description>Enter the IP address or FQDN destination for domain's MX (Example: 10.31.11.1 or mail.example.com)</description>
<type>input</type>
<size>35</size>
</rowhelperfield>
@@ -414,22 +446,24 @@
</field>
<field>
<fieldname>regdhcpstatic</fieldname>
- <fielddescr>Register DHCP static mappings</fielddescr>
- <description>If this option is set, then DHCP static mappings will be registered in DNS, so that
- their name can be resolved.
- </description>
+ <fielddescr>Register DHCP Static Mappings</fielddescr>
+ <description>If this option is set, then DHCP static mappings will be registered in DNS, so that their name can be resolved.</description>
<type>checkbox</type>
</field>
<field>
<type>listtopic</type>
- <name>Custom Zone Domain records</name>
+ <name>Custom Zone Domain Records</name>
<fieldname>temp02</fieldname>
</field>
<field>
<fielddescr></fielddescr>
<fieldname>customzonerecords</fieldname>
- <description><![CDATA[Paste any custom zone records to include in this zone.<br>
- This can be used for a fast migration setup.]]></description>
+ <description>
+ <![CDATA[
+ Paste any custom zone records to include in this zone.<br />
+ This can be used for a fast migration setup.
+ ]]>
+ </description>
<type>textarea</type>
<cols>84</cols>
<rows>10</rows>
@@ -439,7 +473,7 @@
</field>
<field>
<type>listtopic</type>
- <name>Resulting zone config file</name>
+ <name>Resulting Zone Config File</name>
</field>
<field>
<fielddescr></fielddescr>
@@ -459,13 +493,13 @@
<custom_php_after_head_command>
bind_print_javascript_type_zone();
</custom_php_after_head_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
<custom_php_validation_command>
- if ($_POST['type']=="master" and $_POST['serial']=="") {
- $_POST['serial']=(date("U")+ 1000000000);
+ <![CDATA[
+ if ($_POST['type'] == "master" and $_POST['serial'] == "") {
+ $_POST['serial'] = (date("U") + 1000000000);
}
bind_zone_validate($_POST, $input_errors);
+ ]]>
</custom_php_validation_command>
<custom_delete_php_command>
bind_sync();
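Review bot: The default serial `date("U") + 1000000000` in the validation command is an unexplained magic offset, presumably chosen so that generated serials sort above date-style YYYYMMDDNN values. A one-line comment inside the CDATA would record that, e.g. `// default serial: epoch seconds plus a fixed offset; SOA serial is 32-bit`. `time()` is also the more direct call than `date("U")`, which returns a string. Whether a user-supplied serial is range-checked depends on bind_zone_validate(), which is not visible in this hunk.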
diff --git a/config/blinkled8/blinkled.priv.inc b/config/blinkled8/blinkled.priv.inc
new file mode 100644
index 00000000..af75f0bc
--- /dev/null
+++ b/config/blinkled8/blinkled.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ blinkled.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-interfaces-blinkled'] = array();
+$priv_list['page-interfaces-blinkled']['name'] = "WebCfg - Interfaces: blinkled package";
+$priv_list['page-interfaces-blinkled']['descr'] = "Allow access to blinkled package GUI";
+$priv_list['page-interfaces-blinkled']['match'] = array();
+$priv_list['page-interfaces-blinkled']['match'][] = "pkg_edit.php?xml=blinkled.xml*";
+
+?>
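Review bot: This include-only file ends with a closing `?>` tag. Any stray whitespace or extra newline that later ends up after it is sent as output whenever the file is included, which can break header and session handling in the GUI. Drop the final `?>` line, as is usual for pure-PHP files. The same applies to checkmk.priv.inc, cron.priv.inc, darkstat.priv.inc and diag_new_states.priv.inc added in this commit.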
diff --git a/config/blinkled8/blinkled.xml b/config/blinkled8/blinkled.xml
index 2502f3ff..7ed7b4e5 100644
--- a/config/blinkled8/blinkled.xml
+++ b/config/blinkled8/blinkled.xml
@@ -43,7 +43,7 @@
</copyright>
<title>Interfaces: Assign LEDs</title>
<name>blinkled</name>
- <version>0.4.5</version>
+ <version>0.4.6</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/blinkled.inc</include_file>
<menu>
@@ -56,6 +56,10 @@
<item>https://packages.pfsense.org/packages/config/blinkled8/blinkled.inc</item>
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/blinkled8/blinkled.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
<service>
<name>blinkled</name>
<rcfile>blinkled.sh</rcfile>
diff --git a/config/checkmk-agent/checkmk.priv.inc b/config/checkmk-agent/checkmk.priv.inc
new file mode 100644
index 00000000..769563cf
--- /dev/null
+++ b/config/checkmk-agent/checkmk.priv.inc
@@ -0,0 +1,39 @@
+<?php
+/*
+ checkmk.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-checkmk'] = array();
+$priv_list['page-diagnostics-checkmk']['name'] = "WebCfg - Diagnostics: Check_mk agent package";
+$priv_list['page-diagnostics-checkmk']['descr'] = "Allow access to Check_mk agent package GUI";
+
+$priv_list['page-diagnostics-checkmk']['match'] = array();
+$priv_list['page-diagnostics-checkmk']['match'][] = "pkg_edit.php?xml=checkmk.xml*";
+$priv_list['page-diagnostics-checkmk']['match'][] = "pkg_edit.php?xml=checkmk_sync.xml*";
+
+?>
diff --git a/config/checkmk-agent/checkmk.xml b/config/checkmk-agent/checkmk.xml
index 786a7977..b24edca7 100644
--- a/config/checkmk-agent/checkmk.xml
+++ b/config/checkmk-agent/checkmk.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>checkmk</name>
- <version>0.1.4</version>
+ <version>0.1.5</version>
<title>check_mk Agent</title>
<include_file>/usr/local/pkg/checkmk.inc</include_file>
<additional_files_needed>
@@ -50,6 +50,10 @@
<item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk_sync.xml</item>
</additional_files_needed>
diff --git a/config/cron/cron.inc b/config/cron/cron.inc
index 7a7a8993..645575d9 100644
--- a/config/cron/cron.inc
+++ b/config/cron/cron.inc
@@ -40,7 +40,6 @@ function cron_sync_package() {
}
function cron_install_command() {
- conf_mount_rw();
// Clean up possible lingering garbage after previous package versions
unlink_if_exists("/usr/local/etc/rc.d/cron.sh");
cron_sync_package();
diff --git a/config/cron/cron.priv.inc b/config/cron/cron.priv.inc
new file mode 100644
index 00000000..5917e046
--- /dev/null
+++ b/config/cron/cron.priv.inc
@@ -0,0 +1,39 @@
+<?php
+/*
+ cron.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-cronpackage'] = array();
+$priv_list['page-services-cronpackage']['name'] = "WebCfg - Services: Cron package";
+$priv_list['page-services-cronpackage']['descr'] = "Allow access to Cron package GUI";
+$priv_list['page-services-cronpackage']['match'] = array();
+$priv_list['page-services-cronpackage']['match'][] = "packages/cron/cron.php*";
+$priv_list['page-services-cronpackage']['match'][] = "packages/cron/cron_edit.php*";
+$priv_list['page-services-cronpackage']['match'][] = "packages/cron/index.php*";
+
+?>
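Review bot: The `descr` for `page-services-cronpackage` reads like ordinary page access, but a user granted it can presumably create and edit scheduled commands through cron_edit.php, which amounts to command execution on the firewall. The description should say so, e.g. `"Allow access to Cron package GUI (can schedule arbitrary commands)"`, so the privilege is not handed to limited users by mistake. cron_edit.php is not part of this hunk, so confirm which user the jobs run as and whether it restricts the command field.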
diff --git a/config/cron/cron.xml b/config/cron/cron.xml
index 84b7f07e..f777faff 100644
--- a/config/cron/cron.xml
+++ b/config/cron/cron.xml
@@ -43,7 +43,7 @@
</copyright>
<description>Cron</description>
<name>Cron Settings</name>
- <version>0.3.0</version>
+ <version>0.3.1</version>
<title>Settings</title>
<include_file>/usr/local/pkg/cron.inc</include_file>
<menu>
@@ -63,6 +63,10 @@
<item>https://packages.pfsense.org/packages/config/cron/cron.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/cron/cron.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/packages/cron/</prefix>
<item>https://packages.pfsense.org/packages/config/cron/cron.php</item>
</additional_files_needed>
diff --git a/config/darkstat/darkstat.priv.inc b/config/darkstat/darkstat.priv.inc
new file mode 100644
index 00000000..9d085da7
--- /dev/null
+++ b/config/darkstat/darkstat.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ darkstat.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-darkstat'] = array();
+$priv_list['page-diagnostics-darkstat']['name'] = "WebCfg - Diagnostics: Darkstat package";
+$priv_list['page-diagnostics-darkstat']['descr'] = "Allow access to Darkstat package GUI";
+$priv_list['page-diagnostics-darkstat']['match'] = array();
+$priv_list['page-diagnostics-darkstat']['match'][] = "pkg_edit.php?xml=darkstat.xml*";
+
+?>
diff --git a/config/darkstat/darkstat.xml b/config/darkstat/darkstat.xml
index 3b691741..3dbc46f6 100644
--- a/config/darkstat/darkstat.xml
+++ b/config/darkstat/darkstat.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>Darkstat</name>
- <version>3.1</version>
+ <version>3.1.1</version>
<title>Diagnostics: Darkstat</title>
<menu>
<name>Darkstat Settings</name>
@@ -56,6 +56,10 @@
<description>Darkstat bandwidth monitoring daemon</description>
</service>
<configpath>installedpackages->package->$packagename->configuration->settings</configpath>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/darkstat/darkstat.priv.inc</item>
+ </additional_files_needed>
<tabs>
<tab>
<text>Darkstat Settings</text>
diff --git a/config/diag_states_pt/diag_new_states.priv.inc b/config/diag_states_pt/diag_new_states.priv.inc
new file mode 100644
index 00000000..41fda796
--- /dev/null
+++ b/config/diag_states_pt/diag_new_states.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ diag_new_states.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-diag_new_states'] = array();
+$priv_list['page-diagnostics-diag_new_states']['name'] = "WebCfg - Diagnostics: diag_new_states package";
+$priv_list['page-diagnostics-diag_new_states']['descr'] = "Allow access to diag_new_states package GUI";
+$priv_list['page-diagnostics-diag_new_states']['match'] = array();
+$priv_list['page-diagnostics-diag_new_states']['match'][] = "diag_new_states.php*";
+
+?>
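Review bot: The new include ends with a closing `?>` tag on its last added line, which is better left out of a file that is only ever included. Any whitespace or newline that ends up after the tag is emitted as output by whichever page pulls in the privilege list (presumably the GUI's privilege code, since the file is installed under /etc/inc/priv/), and that can break later header or redirect calls. Dropping the final `?>` line removes the risk without changing behaviour. The same applies to the other privilege files added in this commit, such as filemgr.priv.inc, filer.priv.inc, ftpproxy.priv.inc and gwled.priv.inc.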
diff --git a/config/diag_states_pt/diag_new_states.xml b/config/diag_states_pt/diag_new_states.xml
index 849c4b55..941d69fc 100644
--- a/config/diag_states_pt/diag_new_states.xml
+++ b/config/diag_states_pt/diag_new_states.xml
@@ -54,4 +54,8 @@
<prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.php</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/diag_states_pt/diag_new_states.priv.inc</item>
+ </additional_files_needed>
</packagegui>
diff --git a/config/filemgr/file_manager.php b/config/filemgr/file_manager.php
index 5e858591..1c9edb61 100644
--- a/config/filemgr/file_manager.php
+++ b/config/filemgr/file_manager.php
@@ -193,19 +193,19 @@ if ('ok' == 'ok') {
}
$container .= <<<EOF
-<table border=\"0\" cellspacing=\"1\" cellpadding=\"1\" class=\"list\" width=\"100%\" summary=\"file manager\">
+<table border="0" cellspacing="1" cellpadding="1" class="list" width="100%" summary="file manager">
<tr>
- <th style=\"padding:0;width:18px\">&nbsp;</th>
+ <th style="padding:0; width:18px">&nbsp;</th>
<th>Name</th>
- <th colspan=\"5\">&nbsp;</th>
+ <th colspan="5">&nbsp;</th>
<th>Ext.</th>
<th>Size</th>
<th>Date</th>
<th>Attributes</th>
</tr>
<tr>
- <td style=\"padding:0;width:18px\" title=\"UP one level\"><img width=\"16\" height=\"16\" src=\"rbfmimg/folder.png\" alt=\"F\" {$up_one_level} /></td>
- <td colspan=\"11\"><b title=\"UP one level\"{$up_one_level}>[..]</b></td>
+ <td style="padding:0; width:18px" title="UP one level"><img width="16" height="16" src="rbfmimg/folder.png" alt="F" {$up_one_level} /></td>
+ <td colspan="11"><b title="UP one level"{$up_one_level}>[..]</b></td>
</tr>
EOF;
@@ -231,39 +231,40 @@ EOF;
$use_url = "<img src=\"rbfmimg/ico_use_file_inactive.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL (Inactive!!!)\" />";
}
-
+ $cfe = urlencode($current_folder);
+ $vfe = urlencode($v);
$container .= <<<EOF
<tr>
- <td style=\"padding:0;width:18px\">
- <img width=\"16\" height=\"16\" src=\"rbfmimg/folder.png\" alt=\"Folder\" ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode($current_folder.$vf)."'\" />
+ <td style="padding:0; width:18px">
+ <img width="16" height="16" src="rbfmimg/folder.png" alt="Folder" ondblclick="document.location='{$_SERVER['PHP_SELF']}?p={$cfe}{$vfe}'" />
</td>
<td>
- <div style=\"padding-top:2px;\" id=\"f{$id}\" ondblclick=\"document.location='{$_SERVER['PHP_SELF']}?p=".urlencode($current_folder.$vf)."'\">
+ <div style="padding-top:2px;" id="f{$id}" ondblclick="document.location='{$_SERVER['PHP_SELF']}?p={$cfe}{$vfe}'">
{$v}
</div>
- <form class=\"rename_field\" id=\"r{$id}\" name=\"r{$id}\" method=\"post\" action=\"rbfminc/rename.php\" target=\"results\" onsubmit=\"this.n.blur(); return false\">
- <input class=\"input_name rename_input\" name=\"n\" type=\"text\" value=\"{$v}\" id=\"rf{$id}\" onblur=\"document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value;\" />
- <input name=\"cf\" type=\"hidden\" value=\"{$current_folder}\" />
- <input name=\"o\" type=\"hidden\" value=\"{$v}\" />
- <input name=\"t\" type=\"hidden\" value=\"d\" />
- <input name=\"submitS\" type=\"submit\" value=\"submitS\" style='display: none; width:0;height:0' />
+ <form class="rename_field" id="r{$id}" name="r{$id}" method="post" action="rbfminc/rename.php" target="results" onsubmit="this.n.blur(); return false">
+ <input class="input_name rename_input" name="n" type="text" value="{$v}" id="rf{$id}" onblur="document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value;" />
+ <input name="cf" type="hidden" value="{$current_folder}" />
+ <input name="o" type="hidden" value="{$v}" />
+ <input name="t" type="hidden" value="d" />
+ <input name="submitS" type="submit" value="submitS" style='display: none; width:0; height:0' />
</form>
</td>
<!--<td>{$use_url}</td>-->
<td>{$browser}</td>
<td>&nbsp;</td>
<td>
- <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_rename.png\" alt=\"Rename\" title=\"Rename\" onclick=\" document.getElementById('r{$id}').style.display = 'block'; document.getElementById('f{$id}').style.display = 'none'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()\" />
+ <img width="16" height="16" src="rbfmimg/ico_rename.png" alt="Rename" title="Rename" onclick="document.getElementById('r{$id}').style.display = 'block'; document.getElementById('f{$id}').style.display = 'none'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()" />
</td>
<td>&nbsp;</td>
<td>
- <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_delete.png\" alt=\"D\" title=\"Delete\" onclick=\"if(confirm('Delete folder &quot;{$v}&quot;?') &amp;&amp; confirm('You cannot undo this operation!!!') &amp;&amp; confirm('To delete this folder &quot;{$v}&quot; press OK\\nTo cancel this operation press CANCEL')){document.location = 'file_manager.php?p=".urlencode($current_folder)."&amp;do=delete&amp;file=".urlencode($v)."&amp;type=directory'}\" />
+ <img width="16" height="16" src="rbfmimg/ico_delete.png" alt="D" title="Delete" onclick="if(confirm('Delete folder &quot;{$v}&quot;?') &amp;&amp; confirm('You cannot undo this operation!!!') &amp;&amp; confirm('To delete this folder &quot;{$v}&quot; press OK\\nTo cancel this operation press CANCEL')){document.location='file_manager.php?p={$cf}&amp;do=delete&amp;file={$vfe}&amp;type=directory'}" />
</td>
- <td class=\"srow\">&nbsp;</td>
+ <td class="srow">&nbsp;</td>
<td><b>&lt;DIR&gt;</b></td>
- <td class=\"srow\">{$last_updated_time}</td>
- <td class=\"fileperms\">{$fileperms}</td>
+ <td class="srow">{$last_updated_time}</td>
+ <td class="fileperms">{$fileperms}</td>
</tr>
EOF;
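Review bot: The folder delete link in the rewritten `onclick` uses `p={$cf}`, but the only variables this hunk defines are `$cfe` and `$vfe`. Unless `$cf` is set outside the hunk, the link is generated with an empty `p` and the delete request no longer names the current folder. The file-row hunk below uses `{$cfe}` in the same position, so this looks like a typo for `document.location='file_manager.php?p={$cfe}&amp;do=delete&amp;file={$vfe}&amp;type=directory'`. The folder links also now encode `$v` where the old code encoded `$vf`; if those two differ, navigation changes as well. The enclosing loop starts and ends outside the hunk.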
@@ -315,40 +316,42 @@ EOF;
$use_url = "<img src=\"rbfmimg/ico_use_file_inactive.png\" border=\"0\" width=\"16\" height=\"16\" alt=\"U\" title=\"Use URL (Inactive!!!)\" />";
}
+ $cfe = urlencode($current_folder);
+ $vfe = urlencode($v);
$container .= <<<EOF
<tr>
- <td style=\"padding:0;width:18px\">
- <img width=\"16\" height=\"16\" src=\"rbfmimg/{$file_image}\" alt=\"File\" ondblclick=\"document.location = 'rbfminc/download.php?p=".urlencode($current_folder)."&amp;file_name=".urlencode($v)."'\" />
+ <td style="padding:0; width:18px">
+ <img width="16" height="16" src="rbfmimg/{$file_image}" alt="File" ondblclick="document.location='rbfminc/download.php?p={$cfe}&amp;file_name={$vfe}'" />
</td>
<td>
- <div style=\"padding-top:2px;\" id=\"f{$id}\" ondblclick=\"document.location = 'rbfminc/download.php?p=".urlencode($current_folder)."&amp;file_name=".urlencode($v)."'\">
+ <div style="padding-top:2px;" id="f{$id}" ondblclick="document.location='rbfminc/download.php?p={$cfe}&amp;file_name={$vfe}'">
{$v}
</div>
- <form class=\"rename_field\" id=\"r{$id}\" name=\"r{$id}\" method=\"post\" action=\"rbfminc/rename.php\" target=\"results\" onsubmit=\"this.n.blur(); return false\">
- <input name=\"cf\" type=\"hidden\" value=\"{$current_folder}\" />
- <input name=\"o\" type=\"hidden\" value=\"{$v}\" />
- <input name=\"t\" type=\"hidden\" value=\"f\" />
- <input class=\"input_name\" name=\"n\" type=\"text\" value=\"{$v}\" id=\"rf{$id}\" onblur=\"document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value;\" />
- <input name=\"submitS\" type=\"submit\" value=\"submitS\" style=\"display: none; width:0;height:0\" />
+ <form class="rename_field" id="r{$id}" name="r{$id}" method="post" action="rbfminc/rename.php" target="results" onsubmit="this.n.blur(); return false">
+ <input name="cf" type="hidden" value="{$current_folder}" />
+ <input name="o" type="hidden" value="{$v}" />
+ <input name="t" type="hidden" value="f" />
+ <input class="input_name" name="n" type="text" value="{$v}" id="rf{$id}" onblur="document.form{$id}.submit(); document.getElementById('f{$id}').style.display = 'block'; document.getElementById('r{$id}').style.display = 'none'; document.getElementById('f{$id}').innerHTML = this.value; document.form{$id}.o.value = this.value;" />
+ <input name="submitS" type="submit" value="submitS" style="display: none; width:0;height:0" />
</form>
</td>
<!--<td>{$use_url}</td>-->
<td>{$browser}</td>
<td>
- <a href=\"rbfminc/download.php?p=".urlencode($current_folder)."&amp;file_name=".urlencode($v)."\"><img width=\"16\" height=\"16\" src=\"rbfmimg/ico_download.png\" alt=\"Download\" title=\"Download\" border=\"0\"/></a>
+ <a href="rbfminc/download.php?p={$cfe}&amp;file_name={$vfe}"><img width="16" height="16" src="rbfmimg/ico_download.png" alt="Download" title="Download" border="0" /></a>
</td>
<td>
- <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_rename.png\" alt=\"Rename\" title=\"Rename\" onclick=\"document.getElementById('f{$id}').style.display = 'none'; document.getElementById('r{$id}').style.display = 'block'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()\" />
+ <img width="16" height="16" src="rbfmimg/ico_rename.png" alt="Rename" title="Rename" onclick="document.getElementById('f{$id}').style.display = 'none'; document.getElementById('r{$id}').style.display = 'block'; document.getElementById('rf{$id}').focus(); document.getElementById('rf{$id}').select()" />
</td>
<td>{$edit_file_content}</td>
<td>
- <img width=\"16\" height=\"16\" src=\"rbfmimg/ico_delete.png\" alt=\"D\" title=\"Delete\" onclick=\"if(confirm('Delete file &quot;{$v}&quot;?') &amp;&amp; confirm('You cannot undo this operation!!!') &amp;&amp; confirm('To delete this file &quot;{$v}&quot; press OK\\nTo cancel this operation press CANCEL')){document.location = 'file_manager.php?p=".urlencode($current_folder)."&amp;do=delete&amp;file=".urlencode($v)."&amp;type=file'}\" />
+ <img width="16" height="16" src="rbfmimg/ico_delete.png" alt="D" title="Delete" onclick="if(confirm('Delete file &quot;{$v}&quot;?') &amp;&amp; confirm('You cannot undo this operation!!!') &amp;&amp; confirm('To delete this file &quot;{$v}&quot; press OK\\nTo cancel this operation press CANCEL')){document.location='file_manager.php?p={$cfe}&amp;do=delete&amp;file={$vfe}&amp;type=file'}" />
</td>
- <td class=\"srow\">{$extension}</td>
+ <td class="srow">{$extension}</td>
<td>{$file_size}</td>
- <td class=\"srow\">{$last_updated_time}</td>
- <td class=\"fileperms\">{$fileperms}</td>
+ <td class="srow">{$last_updated_time}</td>
+ <td class="fileperms">{$fileperms}</td>
</tr>
EOF;
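Review bot: `{$v}` and `{$current_folder}` are still interpolated unescaped into HTML attributes (`value="{$v}"`), element text and the JavaScript strings of the `confirm(...)` calls, so a file name containing quotes or angle brackets alters the markup or script of this admin page. The new `$cfe`/`$vfe` cover only the URL context. For text and attribute values an HTML-escaped copy is needed, e.g. `$vh = htmlspecialchars($v, ENT_QUOTES);`. Inside the `onclick` handlers the name has to be encoded as a JavaScript string first and then HTML-escaped, e.g. `$vj = htmlspecialchars(json_encode($v), ENT_QUOTES);`, concatenated into the message rather than placed between the existing quote characters. The folder-row hunk above has the same pattern, and the enclosing loop is not fully visible in either hunk.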
@@ -404,14 +407,16 @@ EOF;
if ($_GET['do'] == 'edit') {
$file_content = file_get_contents($current_folder.$_GET['f']);
+ $cfe = urlencode($current_folder);
+ $fce = htmlentities($file_content);
echo <<<EOD
-<form id=\"form_edit\" name=\"form_edit\" method=\"post\" action=\"\" style='width: 670px;margin: 10px auto 0;border-top: 1px #999999 solid'>
- <a name=\"file_edit\"></a>
+<form id="form_edit" name="form_edit" method="post" action="" style='width: 670px;margin: 10px auto 0;border-top: 1px #999999 solid'>
+ <a name="file_edit"></a>
File: <b>{$current_folder}{$_GET['f']}</b><br />
- <textarea name=\"file_content\" id=\"file_content\" cols=\"1\" rows=\"1\" style=\"width: 99%; height: 400px\">".htmlentities ($file_content)."</textarea><br />
- <input name=\"save\" type=\"submit\" value=\"Save\" />
- <input name=\"close\" type=\"button\" value=\"Close file editor\" onclick=\"document.location = 'file_manager.php?f=".urlencode($current_folder)."'\" />
- <input name=\"save_file\" type=\"hidden\" value=\"save_file\" />
+ <textarea name="file_content" id="file_content" cols="1" rows="1" style="width: 99%; height: 400px">{$fce}</textarea><br />
+ <input name="save" type="submit" value="Save" />
+ <input name="close" type="button" value="Close file editor" onclick="document.location='file_manager.php?f={$cfe}'" />
+ <input name="save_file" type="hidden" value="save_file" />
</form>
EOD;
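Review bot: The `File:` line of this form still prints `{$current_folder}{$_GET['f']}` without escaping, so the request parameter is reflected into the page even though the hunk now escapes the file contents through `$fce`. It should be escaped the same way, e.g. `$fne = htmlspecialchars($current_folder . $_GET['f'], ENT_QUOTES);` followed by `File: <b>{$fne}</b>`. The same parameter is concatenated into the `file_get_contents()` path with no visible check that the result stays under the intended directory; whether that is restricted elsewhere cannot be seen from this hunk. The surrounding `if` block continues outside the hunk.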
@@ -424,7 +429,7 @@ EOD;
<?php
if ($alert_info) {
echo <<<EOD
- <script type=\"text/javascript\">
+ <script type="text/javascript">
//<![CDATA[
alert('{$alert_info}');
//]]>
@@ -434,7 +439,7 @@ EOD;
if ($redirect) {
echo <<<EOD
- <script type=\"text/javascript\">
+ <script type="text/javascript">
//<![CDATA[
document.location = '{$redirect}';
//]]>
diff --git a/config/filemgr/filemgr.priv.inc b/config/filemgr/filemgr.priv.inc
new file mode 100644
index 00000000..e708ac1b
--- /dev/null
+++ b/config/filemgr/filemgr.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ filemgr.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-filemgr'] = array();
+$priv_list['page-diagnostics-filemgr']['name'] = "WebCfg - Diagnostics: File Manager package";
+$priv_list['page-diagnostics-filemgr']['descr'] = "Allow access to File Manager package GUI";
+
+$priv_list['page-diagnostics-filemgr']['match'] = array();
+$priv_list['page-diagnostics-filemgr']['match'][] = "packages/filemgr/file_manager.php*";
+$priv_list['page-diagnostics-filemgr']['match'][] = "packages/filemgr/index.php*";
+$priv_list['page-diagnostics-filemgr']['match'][] = "packages/filemgr/rbfminc/*.php*";
+
+?>
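Review bot: The description `Allow access to File Manager package GUI` understates what this privilege grants. file_manager.php in this same commit reads a request-supplied path with `file_get_contents()` and offers save, rename and delete actions, and the `packages/filemgr/rbfminc/*.php*` wildcard covers every helper script in that directory. An administrator delegating this privilege should be told that it allows reading and changing files on the firewall with the web GUI's permissions, for example `$priv_list['page-diagnostics-filemgr']['descr'] = "Allow access to File Manager package GUI (allows reading and modifying files on the system)";`.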
diff --git a/config/filemgr/filemgr.xml b/config/filemgr/filemgr.xml
index fdcf46d0..3f6ae3c6 100644
--- a/config/filemgr/filemgr.xml
+++ b/config/filemgr/filemgr.xml
@@ -44,7 +44,7 @@
<description>PHP File Manager</description>
<faq>https://forum.pfsense.org/index.php/topic,26974.0.html</faq>
<name>File Manager</name>
- <version>0.2.0</version>
+ <version>0.2.1</version>
<title>Diagnostics: File Manager</title>
<menu>
<name>File Manager</name>
@@ -65,6 +65,10 @@
<item>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/filemgr/filemgr.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/www/packages/filemgr/</prefix>
<item>https://packages.pfsense.org/packages/config/filemgr/file_manager.php</item>
</additional_files_needed>
@@ -184,4 +188,11 @@
<prefix>/usr/local/www/packages/filemgr/rbfminc/</prefix>
<item>https://packages.pfsense.org/packages/config/filemgr/rbfminc/session.php</item>
</additional_files_needed>
+ <custom_php_deinstall_command>
+ <![CDATA[
+ if (is_dir("/usr/local/www/packages/filemgr")) {
+ mwexec("/bin/rm -rf /usr/local/www/packages/filemgr/");
+ }
+ ]]>
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/filer/filer.priv.inc b/config/filer/filer.priv.inc
new file mode 100644
index 00000000..60dd0cd9
--- /dev/null
+++ b/config/filer/filer.priv.inc
@@ -0,0 +1,40 @@
+<?php
+/*
+ filer.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-diagnostics-filer'] = array();
+$priv_list['page-diagnostics-filer']['name'] = "WebCfg - Diagnostics: Filer package";
+$priv_list['page-diagnostics-filer']['descr'] = "Allow access to Filer package GUI";
+
+$priv_list['page-diagnostics-filer']['match'] = array();
+$priv_list['page-diagnostics-filer']['match'][] = "pkg.php?xml=filer.xml*";
+$priv_list['page-diagnostics-filer']['match'][] = "pkg_edit.php?xml=filer.xml*";
+$priv_list['page-diagnostics-filer']['match'][] = "pkg_edit.php?xml=filer_sync.xml*";
+
+?>
diff --git a/config/filer/filer.xml b/config/filer/filer.xml
index 57125927..b0d6dc49 100644
--- a/config/filer/filer.xml
+++ b/config/filer/filer.xml
@@ -44,7 +44,7 @@
]]>
</copyright>
<name>filer</name>
- <version>0.60.4</version>
+ <version>0.60.5</version>
<title>Filer</title>
<include_file>/usr/local/pkg/filer.inc</include_file>
<additional_files_needed>
@@ -52,6 +52,10 @@
<item>https://packages.pfsense.org/packages/config/filer/filer.inc</item>
</additional_files_needed>
<additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/filer/filer.priv.inc</item>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/filer/filer_sync.xml</item>
</additional_files_needed>
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 8472ea5e..6d626e3a 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -90,8 +90,7 @@ function freeradius_deinstall_command() {
function freeradius_install_command() {
global $config, $frlib;
- conf_mount_rw();
-
+
// We create here different folders for different counters.
@mkdir("/var/log/radacct/datacounter/daily", 0755, true);
@mkdir("/var/log/radacct/datacounter/weekly", 0755, true);
@@ -186,7 +185,6 @@ SERVICENAME="radiusd"
EOD;
$rcfile['stop'] = FREERADIUS_ETC . '/rc.d/radiusd onestop';
write_rcfile($rcfile);
- conf_mount_ro();
start_service("radiusd");
}
diff --git a/config/ftpproxy/ftpproxy.priv.inc b/config/ftpproxy/ftpproxy.priv.inc
new file mode 100644
index 00000000..08c4ebfe
--- /dev/null
+++ b/config/ftpproxy/ftpproxy.priv.inc
@@ -0,0 +1,37 @@
+<?php
+/*
+ ftpproxy.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-ftpproxy'] = array();
+$priv_list['page-services-ftpproxy']['name'] = "WebCfg - Services: FTP Client Proxy package";
+$priv_list['page-services-ftpproxy']['descr'] = "Allow access to FTP Client Proxy package GUI";
+$priv_list['page-services-ftpproxy']['match'] = array();
+$priv_list['page-services-ftpproxy']['match'][] = "pkg_edit.php?xml=ftpproxy.xml*";
+
+?>
diff --git a/config/ftpproxy/ftpproxy.xml b/config/ftpproxy/ftpproxy.xml
index eb2af370..53740832 100644
--- a/config/ftpproxy/ftpproxy.xml
+++ b/config/ftpproxy/ftpproxy.xml
@@ -41,7 +41,7 @@
]]>
</copyright>
<name>FTP Client Proxy</name>
- <version>0.2.1</version>
+ <version>0.2.2</version>
<title>FTP Client Proxy</title>
<aftersaveredirect>pkg_edit.php?xml=ftpproxy.xml</aftersaveredirect>
<include_file>/usr/local/pkg/ftpproxy.inc</include_file>
@@ -49,6 +49,10 @@
<prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/ftpproxy/ftpproxy.inc</item>
</additional_files_needed>
+ <additional_files_needed>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ftpproxy/ftpproxy.priv.inc</item>
+ </additional_files_needed>
<menu>
<name>FTP Client Proxy</name>
<tooltiptext>Modify FTP Client Proxy settings.</tooltiptext>
diff --git a/config/git/git.xml b/config/git/git.xml
index 6c5254ae..6139fd04 100644
--- a/config/git/git.xml
+++ b/config/git/git.xml
@@ -3,23 +3,28 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
-/* ========================================================================== */
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013
+ git.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013-2015 ESF, LLC
All rights reserved.
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -31,14 +36,12 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
]]>
</copyright>
<description>git</description>
- <requirements>None</requirements>
- <faq></faq>
<name>git</name>
- <version>0.0</version>
+ <version>2.2.1</version>
<title>git</title>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/spamd/spamd_rules.php b/config/gwled/gwled.priv.inc
index 27ac850a..3344d3e6 100644
--- a/config/spamd/spamd_rules.php
+++ b/config/gwled/gwled.priv.inc
@@ -1,8 +1,8 @@
-
+<?php
/*
- spamd_rules.inc
- part of pfSense (www.pfSense.com)
- Copyright (C) 2004 Scott Ullrich (sullrich@gmail.com)
+ gwled.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,9 +26,12 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-$wanif = get_real_wan_interface();
-$anchor = "natearly";
-$natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd\n";
-$natrules .= "rdr pass on {$wanif} proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n";
-$label = "spamd";
-add_rule_to_anchor($anchor, $rule, $label);
+global $priv_list;
+
+$priv_list['page-interfaces-gwled'] = array();
+$priv_list['page-interfaces-gwled']['name'] = "WebCfg - Interfaces: gwled package";
+$priv_list['page-interfaces-gwled']['descr'] = "Allow access to gwled package GUI";
+$priv_list['page-interfaces-gwled']['match'] = array();
+$priv_list['page-interfaces-gwled']['match'][] = "pkg_edit.php?xml=gwled.xml*";
+
+?>
diff --git a/config/gwled/gwled.xml b/config/gwled/gwled.xml
index 5d2a047e..e8f5d3b4 100644
--- a/config/gwled/gwled.xml
+++ b/config/gwled/gwled.xml
@@ -41,7 +41,7 @@
</copyright>
<title>Interfaces: Gateway Status LEDs</title>
<name>gwled</name>
- <version>0.2.2</version>
+ <version>0.2.3</version>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/gwled.inc</include_file>
<menu>
@@ -55,6 +55,10 @@
<prefix>/usr/local/pkg/</prefix>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/gwled/gwled.priv.inc</item>
+ <prefix>/etc/inc/priv/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<prefix>/usr/local/bin/</prefix>
<chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/gwled/gwled.php</item>
diff --git a/config/haproxy-devel/haproxy.xml b/config/haproxy-devel/haproxy.xml
index 386e43a7..429b6c9f 100644
--- a/config/haproxy-devel/haproxy.xml
+++ b/config/haproxy-devel/haproxy.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>haproxy</name>
- <version>0.28</version>
+ <version>0.29</version>
<title>HAProxy</title>
<aftersaveredirect>/pkg_edit.php?xml=haproxy_pools.php</aftersaveredirect>
<include_file>/usr/local/pkg/haproxy.inc</include_file>
diff --git a/config/haproxy-devel/pkg/haproxy.inc b/config/haproxy-devel/pkg/haproxy.inc
index eceef783..1bc62cb9 100644
--- a/config/haproxy-devel/pkg/haproxy.inc
+++ b/config/haproxy-devel/pkg/haproxy.inc
@@ -212,7 +212,18 @@ $a_error['500'] = array('descr' => "internal error");
$a_error['502'] = array('descr' => "server response invalid or blocked");
$a_error['503'] = array('descr' => "no server was available to handle the request");
$a_error['504'] = array('descr' => "timeout before the server responds");
-
+
+global $a_sysloglevel;
+$a_sysloglevel = array();
+$a_sysloglevel['emerg'] = array('name' => "Emergency");
+$a_sysloglevel['alert'] = array('name' => "Alert");
+$a_sysloglevel['crit'] = array('name' => "Critical");
+$a_sysloglevel['err'] = array('name' => "Error");
+$a_sysloglevel['warning'] = array('name' => "Warning");
+$a_sysloglevel['notice'] = array('name' => "Notice");
+$a_sysloglevel['info'] = array('name' => "Informational");
+$a_sysloglevel['debug'] = array('name' => "Debugging");
+
if(!function_exists('group_ports')){
// function group_ports() is present in pfSense 2.2 in util.inc
/* create ranges of sequential port numbers (200:215) and remove duplicates */
@@ -264,6 +275,15 @@ function group_ports($ports) {
}
}
+global $haproxy_version;
+function haproxy_verion() {
+ global $haproxy_version;
+ if (empty($haproxy_version)) {
+ $haproxy_version = shell_exec("haproxy -v | head -n 1 | awk '{ print $3 }'");
+ }
+ return $haproxy_version;
+}
+
function haproxy_portoralias_to_list($port_or_alias) {
// input: a port or aliasname: 80 https MyPortAlias
// returns: a array of ports and portranges 80 443 8000:8010
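Review bot: The new helper is named `haproxy_verion()` (missing the `s`), and it caches the raw `shell_exec()` output, which ends with the newline printed by `awk` and is `null` when the command fails. Callers comparing the value with a version string would get misleading results; trimming on assignment avoids that: `$haproxy_version = trim((string) shell_exec("haproxy -v | head -n 1 | awk '{ print $3 }'"));`. Renaming it to `haproxy_version()` also needs the callers updated, and those are outside this hunk. A one-line comment saying that the result is cached in the global for the duration of the request would help the next reader.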
@@ -347,10 +367,10 @@ function haproxy_custom_php_deinstall_command() {
update_output_window($static_output);
unlink_if_exists("/usr/local/etc/rc.d/haproxy.sh");
unlink_if_exists("/etc/rc.haproxy_ocsp.sh");
- $static_output .= "HAProxy, installing cron job if needed\n";
+ $static_output .= "HAProxy, uninstalling cron job if needed\n";
update_output_window($static_output);
- haproxy_install_cron(false);
- haproxy_install_cronjob(false, '/etc/rc.haproxy_ocsp.sh');
+ install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false);
+ install_cron_job("/etc/rc.haproxy_ocsp.sh", false);
$static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n";
update_output_window($static_output);
}
@@ -360,10 +380,6 @@ function haproxy_custom_php_install_command() {
$static_output .= "HAProxy, running haproxy_custom_php_install_command()\n";
update_output_window($static_output);
- $static_output .= "HAProxy, conf_mount_rw\n";
- update_output_window($static_output);
- conf_mount_rw();
-
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version == "2.1" || $pf_version == "2.2")
$haproxy_binary = "/usr/pbi/haproxy-devel-" . php_uname("m") . "/sbin/haproxy";
@@ -437,7 +453,6 @@ EOD;
$haproxy_ocsp = <<<EOD
#!/usr/local/bin/php -f
-
<?php
/*
@@ -468,10 +483,6 @@ EOD;
require_once('haproxy_upgrade_config.inc');
haproxy_upgrade_config();
- $static_output .= "HAProxy, conf_mount_ro\n";
- update_output_window($static_output);
- conf_mount_ro();
-
$static_output .= "HAProxy, starting haproxy (if previously enabled)\n";
update_output_window($static_output);
haproxy_check_run(1);
@@ -480,96 +491,6 @@ EOD;
update_output_window($static_output);
}
-function haproxy_install_cronjob($should_install, $script, $interval = 60, $parameters = "") {
- global $config, $g;
- if($g['booting']==true)
- return;
- $is_installed = false;
- if(!$config['cron']['item'])
- return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], $script)) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/{$interval}";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "$script $parameters";
- $config['cron']['item'][] = $cron_item;
- parse_config(true);
- write_config("haproxy, install cron job");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- parse_config(true);
- write_config("haproxy, remove cron job");
- }
- configure_cron();
- }
- break;
- }
-}
-
-function haproxy_install_cron($should_install) {
- global $config, $g;
- if($g['booting']==true)
- return;
- $is_installed = false;
- if(!$config['cron']['item'])
- return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/2";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh onecheck";
- $config['cron']['item'][] = $cron_item;
- parse_config(true);
- write_config("haproxy, install cron CARP job");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- parse_config(true);
- write_config("haproxy, remove cron CARP job");
- }
- configure_cron();
- }
- break;
- }
-}
-
function haproxy_find_backend($backendname) {
global $config;
$a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item'];
@@ -592,8 +513,11 @@ function haproxy_find_acl($name) {
}
function write_backend($configpath, $fd, $name, $pool, $backendsettings) {
+ global $config;
$frontend = $backendsettings['frontend'];
$ipversion = $backendsettings['ipversion'];
+ $a_global = &$config['installedpackages']['haproxy'];
+ $a_mailers = &$config['installedpackages']['haproxy']['email_mailers']['items'];
if(!is_array($pool['ha_servers']['item']) && !$pool['stats_enabled']=='yes')
return;
@@ -610,6 +534,36 @@ function write_backend($configpath, $fd, $name, $pool, $backendsettings) {
$backend_mode = $frontendtype;
}
fwrite ($fd, "\tmode\t\t\t" . $backend_mode . "\n");
+
+ if (haproxy_verion() >= '1.6') {
+ $use_mailers = is_array($a_mailers) && count($a_mailers) > 0;
+ if ($use_mailers) {
+ fwrite ($fd, "\t# use mailers\n");
+ if (empty($pool['email_level'])) {
+ $email_level = $a_global['email_level'];
+ } else {
+ $email_level = $pool['email_level'];
+ }
+
+ fwrite ($fd, "\t# level $email_level \n");
+ if (!empty($email_level) && $email_level != 'dontlog') {
+ if (empty($pool['email_to'])) {
+ $email_to = $a_global['email_to'];
+ } else {
+ $email_to = $pool['email_to'];
+ }
+
+ fwrite ($fd, "\temail-alert mailers\t\t\tglobalmailers\n");
+ fwrite ($fd, "\temail-alert level\t\t\t{$email_level}\n");
+ fwrite ($fd, "\temail-alert from\t\t\t{$a_global['email_from']}\n");
+ fwrite ($fd, "\temail-alert to\t\t\t{$email_to}\n");
+ if (!empty($a_global['email_myhostname'])) {
+ fwrite ($fd, "\temail-alert myhostname\t\t\t{$a_global['email_myhostname']}\n");
+ }
+ }
+ }
+ }
+
if ($pool['log-health-checks'] == 'yes')
fwrite ($fd, "\toption\t\t\tlog-health-checks\n");
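Review bot: The `email-alert` lines added to `write_backend()` interpolate `$email_level`, `$email_to`, `$a_global['email_from']` and `$a_global['email_myhostname']` into the generated haproxy configuration exactly as stored, and nothing visible in this commit validates them when they are saved. A value containing whitespace or a line break would add extra arguments or whole directives to the file, which matters if a GUI account limited to the HAProxy pages is less trusted than the firewall administrator. The `mailer` line added to `haproxy_writeconf()` has the same issue with `name`, `mailserver` and `mailserverport`. I would reject such values at save time and, as a backstop here, skip any value that matches `/\s/` before calling `fwrite`. The `# level $email_level` line is written even for `dontlog` and looks like debug output that could be dropped; `write_backend()` starts and ends outside this hunk.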
@@ -732,8 +686,6 @@ function write_backend($configpath, $fd, $name, $pool, $backendsettings) {
if ($check_type == "Agent") {
$checkport = " port " . $pool['monitor_agentport'];
}
- } else {
- $optioncheck = "httpchk";
}
if($pool['balance'])
@@ -1049,9 +1001,9 @@ function haproxy_updateocsp($socketupdate = true) {
haproxy_updateocsp_one($socketupdate, $filename, $frontend['name']);
$subfolder = "$configpath/{$frontend['name']}";
- $certs = $frontend['ha_certificates']['item'];
- if (is_array($certs)){
- foreach($certs as $cert){
+ if (is_arrayset($frontend, 'ha_certificates', 'item')) {
+ $certs = $frontend['ha_certificates']['item'];
+ foreach($certs as $cert) {
$filename = "$subfolder/{$cert['ssl_certificate']}.pem";
haproxy_updateocsp_one($socketupdate, $filename, $frontend['name']);
}
@@ -1075,6 +1027,7 @@ function haproxy_writeconf($configpath) {
$a_global = &$config['installedpackages']['haproxy'];
$a_frontends = &$config['installedpackages']['haproxy']['ha_backends']['item'];
$a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item'];
+ $a_mailers = &$config['installedpackages']['haproxy']['email_mailers']['items'];
$fd = fopen($configfile, "w");
if(is_array($a_global)) {
@@ -1130,6 +1083,17 @@ function haproxy_writeconf($configpath) {
fwrite ($fd, "\n");
}
}
+
+ if (haproxy_verion() >= '1.6') {
+ $use_mailers = is_array($a_mailers) && count($a_mailers) > 0;
+ if ($use_mailers) {
+ fwrite ($fd, "mailers globalmailers\n");
+ foreach($a_mailers as $mailer) {
+ fwrite ($fd, "\tmailer {$mailer['name']} {$mailer['mailserver']}:{$mailer['mailserverport']}\n");
+ }
+ fwrite ($fd, "\n");
+ }
+ }
// Try and get a unique array for address:port as frontends can duplicate
$a_bind = array();
@@ -1158,7 +1122,8 @@ function haproxy_writeconf($configpath) {
haproxy_write_certificate_fullchain($filename, $frontend['ssloffloadcert']);
if ($frontend['sslocsp'] == 'yes') {
- if (!empty(haproxy_getocspurl($filename))) {
+ $ocspurl = haproxy_getocspurl($filename);
+ if (!empty($ocspurl)) {
haproxy_write_certificate_issuer($filename . ".issuer", $frontend['ssloffloadcert']);
touch($filename . ".ocsp");//create initial empty file. this will trigger updates, and inform haproxy it 'should' be using ocsp
}
@@ -1173,7 +1138,8 @@ function haproxy_writeconf($configpath) {
$filenamefoldercert = "$subfolder/{$cert['ssl_certificate']}.pem";
haproxy_write_certificate_fullchain($filenamefoldercert, $cert['ssl_certificate']);
if ($frontend['sslocsp'] == 'yes') {
- if (!empty(haproxy_getocspurl($filenamefoldercert))) {
+ $ocspurl = haproxy_getocspurl($filenamefoldercert);
+ if (!empty($ocspurl)) {
haproxy_write_certificate_issuer($filenamefoldercert . ".issuer", $cert['ssl_certificate']);
touch($filenamefoldercert . ".ocsp");
}
@@ -1737,12 +1703,16 @@ function haproxy_check_run($reload) {
haproxy_updateocsp(false);
if (isset($a_global['carpdev']))
- haproxy_install_cron(true);
+ install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", true, "*/2");
else
- haproxy_install_cron(false);
+ install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false);
$useocsp = haproxy_uses_ocsp();
- haproxy_install_cronjob($useocsp, '/etc/rc.haproxy_ocsp.sh', 120);
+ if ($useocsp == "true") {
+ install_cron_job("/etc/rc.haproxy_ocsp.sh", true, "*/120");
+ } else {
+ install_cron_job("/etc/rc.haproxy_ocsp.sh", false);
+ }
}
if(isset($a_global['enable'])) {
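Review bot: The OCSP job is installed with `"*/120"` in the minute field, but cron minutes only span 0-59, so a step of 120 can match at most minute 0 and the script would run hourly rather than every 120 minutes (the removed `haproxy_install_cronjob(..., 120)` call had the same effect). If a two-hour interval is intended, `install_cron_job("/etc/rc.haproxy_ocsp.sh", true, "0", "*/2");` expresses it. Separately, `$useocsp == "true"` only works through loose comparison; if `haproxy_uses_ocsp()` returns a boolean, which its definition outside this hunk would confirm, `if ($useocsp)` is clearer. The same lines are added to config/haproxy1_5/pkg/haproxy.inc later in this diff.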
diff --git a/config/haproxy-devel/pkg/haproxy_htmllist.inc b/config/haproxy-devel/pkg/haproxy_htmllist.inc
index f873028e..394f3ff6 100644
--- a/config/haproxy-devel/pkg/haproxy_htmllist.inc
+++ b/config/haproxy-devel/pkg/haproxy_htmllist.inc
@@ -114,7 +114,9 @@ class HaproxyHtmlList
echo $itemvalue=='yes' ? gettext('yes') : gettext('no');
} else
if ($itemtype == "textarea"){
- echo htmlspecialchars(base64_decode($itemvalue));
+ echo '<div style="overlow:scroll;max-height:120px;overflow-y: scroll;">';
+ echo str_replace("\n","<br/>", htmlspecialchars(base64_decode($itemvalue)));
+ echo '</div>';
} else
echo htmlspecialchars($itemvalue);
}
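Review bot: The inline style on the added `<div>` starts with `overlow:scroll`, a misspelled property that browsers ignore, so only `overflow-y: scroll` takes effect. `echo '<div style="max-height:120px;overflow-y:scroll;">';` says the same thing without the dead declaration. Escaping with `htmlspecialchars()` before inserting the `<br/>` tags is the right order and should stay that way; `nl2br(htmlspecialchars(...))` would be the more idiomatic spelling. The enclosing method starts outside this hunk.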
diff --git a/config/haproxy-devel/www/haproxy_files.php b/config/haproxy-devel/www/haproxy_files.php
index 4946a7be..12ab5a88 100644
--- a/config/haproxy-devel/www/haproxy_files.php
+++ b/config/haproxy-devel/www/haproxy_files.php
@@ -155,7 +155,7 @@ include("head.inc");
</tr>
<tr>
<td width="78%">
- <input name="Submit" type="submit" class="formbtn" value="Save" onClick="enable_change(true)" />
+ <input name="Submit" type="submit" class="formbtn" value="Save" />
</td>
</tr>
</table>
diff --git a/config/haproxy-devel/www/haproxy_global.php b/config/haproxy-devel/www/haproxy_global.php
index 978d778d..2ae92256 100644
--- a/config/haproxy-devel/www/haproxy_global.php
+++ b/config/haproxy-devel/www/haproxy_global.php
@@ -35,13 +35,38 @@ require_once("haproxy.inc");
require_once("haproxy_utils.inc");
require_once("globals.inc");
require_once("pkg_haproxy_tabs.inc");
+require_once("haproxy_htmllist.inc");
-$simplefields = array('localstats_refreshtime','localstats_sticktable_refreshtime','log-send-hostname','ssldefaultdhparam');
+$simplefields = array('localstats_refreshtime', 'localstats_sticktable_refreshtime', 'log-send-hostname', 'ssldefaultdhparam',
+ 'email_level', 'email_myhostname', 'email_from', 'email_to');
+
+$none = array();
+$none['']['name'] = "Dont log";
+$a_sysloglevel = $none + $a_sysloglevel;
+
+$fields_mailers = array();
+$fields_mailers[0]['name'] = "name";
+$fields_mailers[0]['columnheader'] = "Name";
+$fields_mailers[0]['colwidth'] = "30%";
+$fields_mailers[0]['type'] = "textbox";
+$fields_mailers[0]['size'] = "20";
+$fields_mailers[1]['name'] = "mailserver";
+$fields_mailers[1]['columnheader'] = "Mailserver";
+$fields_mailers[1]['colwidth'] = "60%";
+$fields_mailers[1]['type'] = "textbox";
+$fields_mailers[1]['size'] = "60";
+$fields_mailers[2]['name'] = "mailserverport";
+$fields_mailers[2]['columnheader'] = "Mailserverport";
+$fields_mailers[2]['colwidth'] = "10%";
+$fields_mailers[2]['type'] = "textbox";
+$fields_mailers[2]['size'] = "10";
+
+$mailerslist = new HaproxyHtmlList("table_mailers", $fields_mailers);
+$mailerslist->keyfield = "name";
if (!is_array($config['installedpackages']['haproxy']))
$config['installedpackages']['haproxy'] = array();
-
if ($_POST) {
unset($input_errors);
$pconfig = $_POST;
@@ -56,16 +81,12 @@ if ($_POST) {
if ($result)
unlink_if_exists($d_haproxyconfdirty_path);
} else {
- //if ($_POST['enable']) {
- // $reqdfields = explode(" ", "maxconn");
- // $reqdfieldsn = explode(",", "Maximum connections");
- //}
+ $a_mailers = $mailerslist->haproxy_htmllist_get_values();
+ $pool['ha_servers']['item'] = $a_servers;
if ($_POST['carpdev'] == "disabled")
unset($_POST['carpdev']);
- //do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);
-
if ($_POST['maxconn'] && (!is_numeric($_POST['maxconn'])))
$input_errors[] = "The maximum number of connections should be numeric.";
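Review bot: The added line `$pool['ha_servers']['item'] = $a_servers;` looks like a leftover from the pool edit page: neither `$pool` nor `$a_servers` is set anywhere in the hunks shown for haproxy_global.php, so it copies an undefined variable into an array that is never read. I would delete it. This is also the natural place to check the rows returned by `haproxy_htmllist_get_values()` before they are saved, for example adding `$input_errors[] = "The mailer port should be numeric.";` for each row whose `mailserverport` fails `is_numeric()`, in the same style as the `maxconn` check that follows.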
@@ -86,6 +107,8 @@ if ($_POST) {
$input_errors[] = "Synchost3 needs to be an IPAddress.";*/
if (!$input_errors) {
+ $config['installedpackages']['haproxy']['email_mailers']['items'] = $a_mailers;
+
$config['installedpackages']['haproxy']['enable'] = $_POST['enable'] ? true : false;
$config['installedpackages']['haproxy']['terminate_on_reload'] = $_POST['terminate_on_reload'] ? true : false;
$config['installedpackages']['haproxy']['maxconn'] = $_POST['maxconn'] ? $_POST['maxconn'] : false;
@@ -109,6 +132,8 @@ if ($_POST) {
}
}
+$a_mailers = $config['installedpackages']['haproxy']['email_mailers']['items'];
+
$pconfig['enable'] = isset($config['installedpackages']['haproxy']['enable']);
$pconfig['terminate_on_reload'] = isset($config['installedpackages']['haproxy']['terminate_on_reload']);
$pconfig['maxconn'] = $config['installedpackages']['haproxy']['maxconn'];
@@ -183,6 +208,12 @@ function enable_change(enable_change) {
<strong>Enable HAProxy</strong></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell">Installed version:</td>
+ <td width="78%" class="vtable">
+ <strong><?=haproxy_verion()?></strong>
+ </td>
+ </tr>
+ <tr>
<td valign="top" class="vncell">
Maximum connections
</td>
@@ -368,6 +399,64 @@ function enable_change(enable_change) {
<input name="log-send-hostname" type="text" <?if(isset($pconfig['log-send-hostname'])) echo "value=\"{$pconfig['log-send-hostname']}\"";?> size="18" maxlength="50" /> EXAMPLE: HaproxyMasterNode<br/>Sets the hostname field in the syslog header. If empty defaults to the system hostname.
</td>
</tr>
+ <tr><td>&nbsp;</td></tr>
+ <? if (haproxy_verion() >= '1.6' ) { ?>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Email notifications</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mailer servers
+ </td>
+ <td class="vtable">
+ It is possible to send email alerts when the state of servers changes. If configured email alerts are sent to each mailer that is configured in a mailers section. Email is sent to mailers using SMTP.
+ <br/>
+ <?
+ $counter=0;
+ $mailerslist->Draw($a_mailers);
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mail level
+ </td>
+ <td class="vtable">
+ <?
+ echo_html_select('email_level', $a_sysloglevel, $pconfig['email_level']);
+ ?>
+ Define the maximum loglevel to send emails for.
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mail myhostname
+ </td>
+ <td class="vtable">
+ <input name="email_myhostname" type="text" <?if(isset($pconfig['email_myhostname'])) echo "value=\"{$pconfig['email_myhostname']}\"";?> size="50" /><br/>
+ Define hostname to use as sending the emails.
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mail from
+ </td>
+ <td class="vtable">
+ <input name="email_from" type="text" <?if(isset($pconfig['email_from'])) echo "value=\"{$pconfig['email_from']}\"";?> size="50"/><br/>
+ Email address to be used as the sender of the emails.
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mail to
+ </td>
+ <td class="vtable">
+ <input name="email_to" type="text" <?if(isset($pconfig['email_to'])) echo "value=\"{$pconfig['email_to']}\"";?> size="50"/><br/>
+ Email address to send emails to.
+ </td>
+ </tr>
+ <? } ?>
+ <tr><td>&nbsp;</td></tr>
<tr>
<td colspan="2" valign="top" class="listtopic">Tuning</td>
</tr>
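Review bot: The new `email_myhostname`, `email_from` and `email_to` inputs echo `$pconfig[...]` into the `value` attribute without HTML escaping, and `$pconfig` is seeded from `$_POST` earlier in this file, so a double quote in any of them breaks out of the attribute and the rest is parsed as markup. Each should be emitted as `echo "value=\"" . htmlspecialchars($pconfig['email_from']) . "\"";`. The neighbouring `log-send-hostname` input follows the same unescaped pattern, and the `email_to` input added to haproxy_pool_edit.php later in this diff needs the same change. The `<?=haproxy_verion()?>` output in the previous hunk of this file would also be safer wrapped in `htmlspecialchars()`.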
@@ -487,7 +576,15 @@ Minimum and default value is: 1024, bigger values might increase CPU usage.<br/>
<?php endif; ?>
</form>
+<?
+haproxy_htmllist_js();
+?>
<script type="text/javascript">
+ totalrows = <?php echo $counter; ?>;
+<?
+ phparray_to_javascriptarray($fields_mailers,"fields_mailers",Array('/*','/*/name','/*/type','/*/size','/*/items','/*/items/*','/*/items/*/*','/*/items/*/*/name'));
+?>
+
function scroll_after_fade() {
scrollTo(0,99999999999);
}
diff --git a/config/haproxy-devel/www/haproxy_pool_edit.php b/config/haproxy-devel/www/haproxy_pool_edit.php
index 0824e45c..6cd78741 100644
--- a/config/haproxy-devel/www/haproxy_pool_edit.php
+++ b/config/haproxy-devel/www/haproxy_pool_edit.php
@@ -65,7 +65,8 @@ $simplefields = array(
"stats_enabled","stats_username","stats_password","stats_uri","stats_scope","stats_realm","stats_admin","stats_node","stats_desc","stats_refresh",
"persist_stick_expire","persist_stick_tablesize","persist_stick_length","persist_stick_cookiename","persist_sticky_type",
"persist_cookie_enabled","persist_cookie_name","persist_cookie_mode","persist_cookie_cachable",
-"strict_transport_security","cookie_attribute_secure"
+"strict_transport_security", "cookie_attribute_secure",
+"email_level", "email_to"
);
$primaryfrontends = get_haproxy_frontends();
@@ -73,6 +74,12 @@ $none = array();
$none['']['name']="Address+Port:";
$primaryfrontends = $none + $primaryfrontends;
+$default = array();
+$default['']['name'] = "Default level from global";
+$none = array();
+$none['dontlog']['name'] = "Dont log";
+$a_sysloglevel = $default + $none + $a_sysloglevel;
+
$fields_servers=array();
$fields_servers[0]['name']="status";
$fields_servers[0]['columnheader']="Mode";
@@ -861,6 +868,32 @@ set by the 'retries' parameter.</div>
</td>
</tr>
<tr><td>&nbsp;</td></tr>
+ <? if (haproxy_verion() >= '1.6' ) { ?>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic">Email notifications</td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mail level
+ </td>
+ <td class="vtable">
+ <?
+ echo_html_select('email_level', $a_sysloglevel, $pconfig['email_level']);
+ ?>
+ Define the maximum loglevel to send emails for.
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" class="vncell">
+ Mail to
+ </td>
+ <td class="vtable">
+ <input name="email_to" type="text" <?if(isset($pconfig['email_to'])) echo "value=\"{$pconfig['email_to']}\"";?> size="50"/><br/>
+ Email address to send emails to, defaults to the value set on the global settings tab.
+ </td>
+ </tr>
+ <tr><td>&nbsp;</td></tr>
+ <? } ?>
<tr>
<td colspan="2" valign="top" class="listtopic">Statistics</td>
</tr>
diff --git a/config/haproxy-legacy/haproxy.inc b/config/haproxy-legacy/haproxy.inc
index 9058b4a6..55b86882 100644
--- a/config/haproxy-legacy/haproxy.inc
+++ b/config/haproxy-legacy/haproxy.inc
@@ -69,7 +69,6 @@ function migrate_old_sync_config(){
}
function haproxy_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
$haproxy = <<<EOD
#!/bin/sh
@@ -118,7 +117,6 @@ EOD;
fclose($fd);
exec("chmod a+rx /usr/local/etc/rc.d/haproxy.sh");
migrate_old_sync_config();
- conf_mount_ro();
exec("/usr/local/etc/rc.d/haproxy.sh start");
}
diff --git a/config/haproxy-legacy/haproxy.xml b/config/haproxy-legacy/haproxy.xml
index 8892c77c..99345ac5 100644
--- a/config/haproxy-legacy/haproxy.xml
+++ b/config/haproxy-legacy/haproxy.xml
@@ -109,7 +109,6 @@
/*
included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
- conf_mount_rw();
`fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy-legacy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
*/
@@ -120,4 +119,4 @@
</custom_php_deinstall_command>
<custom_php_command_before_form>
</custom_php_command_before_form>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/haproxy/haproxy.inc b/config/haproxy/haproxy.inc
index 6d4ba0e5..7ededa97 100644
--- a/config/haproxy/haproxy.inc
+++ b/config/haproxy/haproxy.inc
@@ -73,7 +73,6 @@ function haproxy_custom_php_deinstall_command() {
function haproxy_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
$haproxy = <<<EOD
#!/bin/sh
@@ -228,8 +227,6 @@ EOD;
write_config();
}
- conf_mount_ro();
-
exec("/usr/local/etc/rc.d/haproxy.sh start");
}
diff --git a/config/haproxy/haproxy.xml b/config/haproxy/haproxy.xml
index 3be05802..ac8a35f2 100644
--- a/config/haproxy/haproxy.xml
+++ b/config/haproxy/haproxy.xml
@@ -89,17 +89,10 @@
<chmod>077</chmod>
<item>https://packages.pfsense.org/packages/config/haproxy/haproxy_pool_edit.php</item>
</additional_files_needed>
- <custom_delete_php_command>
- </custom_delete_php_command>
- <custom_add_php_command>
- </custom_add_php_command>
- <custom_php_resync_config_command>
- </custom_php_resync_config_command>
<custom_php_install_command>
/*
included in package install
$freebsdv=trim(`uname -r | cut -d'.' -f1`);
- conf_mount_rw();
`fetch -q -o /usr/local/sbin/ https://packages.pfsense.org/packages/config/haproxy/binaries{$freebsdv}/haproxy`;
exec("chmod a+rx /usr/local/sbin/haproxy");
*/
@@ -108,6 +101,4 @@
<custom_php_deinstall_command>
haproxy_custom_php_deinstall_command();
</custom_php_deinstall_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
</packagegui>
diff --git a/config/haproxy1_5/pkg/haproxy.inc b/config/haproxy1_5/pkg/haproxy.inc
index eceef783..30692c3c 100644
--- a/config/haproxy1_5/pkg/haproxy.inc
+++ b/config/haproxy1_5/pkg/haproxy.inc
@@ -347,10 +347,10 @@ function haproxy_custom_php_deinstall_command() {
update_output_window($static_output);
unlink_if_exists("/usr/local/etc/rc.d/haproxy.sh");
unlink_if_exists("/etc/rc.haproxy_ocsp.sh");
- $static_output .= "HAProxy, installing cron job if needed\n";
+ $static_output .= "HAProxy, uninstalling cron job if needed\n";
update_output_window($static_output);
- haproxy_install_cron(false);
- haproxy_install_cronjob(false, '/etc/rc.haproxy_ocsp.sh');
+ install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false);
+ install_cron_job("/etc/rc.haproxy_ocsp.sh", false);
$static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n";
update_output_window($static_output);
}
@@ -360,10 +360,6 @@ function haproxy_custom_php_install_command() {
$static_output .= "HAProxy, running haproxy_custom_php_install_command()\n";
update_output_window($static_output);
- $static_output .= "HAProxy, conf_mount_rw\n";
- update_output_window($static_output);
- conf_mount_rw();
-
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
if ($pf_version == "2.1" || $pf_version == "2.2")
$haproxy_binary = "/usr/pbi/haproxy-devel-" . php_uname("m") . "/sbin/haproxy";
@@ -437,7 +433,6 @@ EOD;
$haproxy_ocsp = <<<EOD
#!/usr/local/bin/php -f
-
<?php
/*
@@ -468,10 +463,6 @@ EOD;
require_once('haproxy_upgrade_config.inc');
haproxy_upgrade_config();
- $static_output .= "HAProxy, conf_mount_ro\n";
- update_output_window($static_output);
- conf_mount_ro();
-
$static_output .= "HAProxy, starting haproxy (if previously enabled)\n";
update_output_window($static_output);
haproxy_check_run(1);
@@ -480,95 +471,6 @@ EOD;
update_output_window($static_output);
}
-function haproxy_install_cronjob($should_install, $script, $interval = 60, $parameters = "") {
- global $config, $g;
- if($g['booting']==true)
- return;
- $is_installed = false;
- if(!$config['cron']['item'])
- return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], $script)) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/{$interval}";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "$script $parameters";
- $config['cron']['item'][] = $cron_item;
- parse_config(true);
- write_config("haproxy, install cron job");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- parse_config(true);
- write_config("haproxy, remove cron job");
- }
- configure_cron();
- }
- break;
- }
-}
-
-function haproxy_install_cron($should_install) {
- global $config, $g;
- if($g['booting']==true)
- return;
- $is_installed = false;
- if(!$config['cron']['item'])
- return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/2";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh onecheck";
- $config['cron']['item'][] = $cron_item;
- parse_config(true);
- write_config("haproxy, install cron CARP job");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- parse_config(true);
- write_config("haproxy, remove cron CARP job");
- }
- configure_cron();
- }
- break;
- }
-}
function haproxy_find_backend($backendname) {
global $config;
@@ -1737,12 +1639,16 @@ function haproxy_check_run($reload) {
haproxy_updateocsp(false);
if (isset($a_global['carpdev']))
- haproxy_install_cron(true);
+ install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", true, "*/2");
else
- haproxy_install_cron(false);
+ install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false);
$useocsp = haproxy_uses_ocsp();
- haproxy_install_cronjob($useocsp, '/etc/rc.haproxy_ocsp.sh', 120);
+ if ($useocsp == "true") {
+ install_cron_job("/etc/rc.haproxy_ocsp.sh", true, "*/120");
+ } else {
+ install_cron_job("/etc/rc.haproxy_ocsp.sh", false);
+ }
}
if(isset($a_global['enable'])) {
diff --git a/config/havp/antivirus.php b/config/havp/antivirus.php
index bf5f1879..bfb0c523 100644
--- a/config/havp/antivirus.php
+++ b/config/havp/antivirus.php
@@ -1,383 +1,394 @@
<?php
-/* $Id$ */
/*
- antivirus.php
- Copyright (C) 2010 Serg Dvoriancev
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ antivirus.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009-2010 Sergey Dvoriancev <dv_serg@mail.ru>
+ Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once("guiconfig.inc");
require_once("pkg-utils.inc");
require_once("service-utils.inc");
-
-include("head.inc");
-
-header("Content-type: text/html; charset=utf-8");
+require_once("/usr/local/pkg/havp.inc");
$pgtitle = "Antivirus: General page";
+include("head.inc");
-if (file_exists("/usr/local/pkg/havp.inc"))
- require_once("/usr/local/pkg/havp.inc");
-else echo "No havp.inc found";
-
-define('PATH_CLAMDB', '/var/db/clamav');
-define('PATH_HAVPLOG', '/var/log/havp/access.log');
+define('PATH_CLAMDB', '/var/db/clamav');
+define('PATH_HAVPLOG', '/var/log/havp/access.log');
define('PATH_AVSTATUS', '/var/tmp/havp.status');
-function get_avdb_info()
-{
- $r = '';
- $path = PATH_CLAMDB . "/{$filename}";
- $fl = get_dir(PATH_CLAMDB . "/");
-
- array_shift($fl);
- array_shift($fl);
-
- foreach ($fl as $fname) {
- $path = PATH_CLAMDB . "/{$fname}";
- $ext = end(explode(".", $fname));
-
- if ( $ext == "cvd" || $ext == "cld") {
- $stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'";
- if (file_exists($path)) {
- $handle = '';
- if ($handle = fopen($path, "r")) {
- $fsize = sprintf("%.2f M", filesize($path)/1024/1024);
-
- $s = fread($handle, 1024);
- $s = explode(':', $s);
-
- # datetime
- $dt = explode(" ", $s[1]);
- $s[1] = strftime("%Y.%m.%d", strtotime("{$dt[0]} {$dt[1]} {$dt[2]}"));
- if ($s[0] == 'ClamAV-VDB')
- $r .= "<tr class='listr'><td $stl>{$fname}</td><td $stl>{$s[1]}</td><td $stl align='right'>$fsize</td><td $stl align='right'>{$s[2]}</td><td $stl align='right'>{$s[3]}</td><td $stl>{$s[7]}</td></tr>";
- }
- fclose($handle);
- }
- }
- }
-
- return $r;
-}
-
-function get_av_statistic()
-{
- return function_exists("havp_get_av_statistic") ? havp_get_av_statistic() : "Function 'havp_get_av_statistic' not found.";
+function get_avdb_info() {
+ $r = '';
+ $path = PATH_CLAMDB . "/{$filename}";
+ $fl = get_dir(PATH_CLAMDB . "/");
+
+ array_shift($fl);
+ array_shift($fl);
+
+ foreach ($fl as $fname) {
+ $path = PATH_CLAMDB . "/{$fname}";
+ $ext = end(explode(".", $fname));
+
+ if ($ext == "cvd" || $ext == "cld") {
+ $stl = "style='padding-top: 0px; padding-bottom: 0px; padding-left: 4px; padding-right: 4px; border-left: 1px solid #999999;'";
+ if (file_exists($path)) {
+ $handle = '';
+ if ($handle = fopen($path, "r")) {
+ $fsize = sprintf("%.2f M", filesize($path)/1024/1024);
+
+ $s = fread($handle, 1024);
+ $s = explode(':', $s);
+
+ // datetime
+ $dt = explode(" ", $s[1]);
+ $s[1] = strftime("%Y.%m.%d", strtotime("{$dt[0]} {$dt[1]} {$dt[2]}"));
+ if ($s[0] == 'ClamAV-VDB') {
+ $r .= "<tr class='listr'><td $stl>{$fname}</td><td $stl>{$s[1]}</td><td $stl align='right'>$fsize</td><td $stl align='right'>{$s[2]}</td><td $stl align='right'>{$s[3]}</td><td $stl>{$s[7]}</td></tr>";
+ }
+ }
+ fclose($handle);
+ }
+ }
+ }
+
+ return $r;
}
-function get_av_viruslog()
-{
- return function_exists("havp_get_av_viruslog") ? havp_get_av_viruslog() : "Function 'havp_get_av_viruslog' not found.";
+function get_av_statistic() {
+ return function_exists("havp_get_av_statistic") ? havp_get_av_statistic() : "Function 'havp_get_av_statistic' not found.";
}
-function get_scanlist()
-{
- return function_exists("havp_get_filescanlist") ? havp_get_filescanlist() : "Function 'havp_get_filescanlist()' not found.";
+function get_av_viruslog() {
+ return function_exists("havp_get_av_viruslog") ? havp_get_av_viruslog() : "Function 'havp_get_av_viruslog' not found.";
}
-function get_scan_log()
-{
- $s = function_exists("havp_get_scan_log") ? havp_get_scan_log() : "Function 'havp_get_scan_log()' not found.";
- $s = str_replace("\n", "<br>", $s);
- return $s;
+function get_scanlist() {
+ return function_exists("havp_get_filescanlist") ? havp_get_filescanlist() : "Function 'havp_get_filescanlist()' not found.";
}
-function pfsense_version_A()
-{
- return function_exists("pfsense_version_") ? pfsense_version_() : 1;
+function get_scan_log() {
+ $s = function_exists("havp_get_scan_log") ? havp_get_scan_log() : "Function 'havp_get_scan_log()' not found.";
+ $s = str_replace("\n", "<br />", $s);
+ return $s;
}
-function havp_status()
-{
- $s = "";
- if (HVDEF_HAVP_STATUS_FILE && file_exists(HVDEF_HAVP_STATUS_FILE))
- $s = file_get_contents(HVDEF_HAVP_STATUS_FILE);
- return $s;
+function havp_status() {
+ $s = "";
+ if (HVDEF_HAVP_STATUS_FILE && file_exists(HVDEF_HAVP_STATUS_FILE)) {
+ $s = file_get_contents(HVDEF_HAVP_STATUS_FILE);
+ }
+ return $s;
}
-function clamd_status()
-{
- $s = "";
- if (HVDEF_CLAM_STATUS_FILE && file_exists(HVDEF_CLAM_STATUS_FILE))
- $s = file_get_contents(HVDEF_CLAM_STATUS_FILE);
- return $s;
+function clamd_status() {
+ $s = "";
+ if (HVDEF_CLAM_STATUS_FILE && file_exists(HVDEF_CLAM_STATUS_FILE)) {
+ $s = file_get_contents(HVDEF_CLAM_STATUS_FILE);
+ }
+ return $s;
}
-function avupdate_status()
-{
- $s = "Not found.";
- if (HVDEF_UPD_STATUS_FILE && file_exists(HVDEF_UPD_STATUS_FILE))
- $s = file_get_contents(HVDEF_UPD_STATUS_FILE);
- return str_replace( "\n", "<br>", $s );
+function avupdate_status() {
+ $s = "Not found.";
+ if (HVDEF_UPD_STATUS_FILE && file_exists(HVDEF_UPD_STATUS_FILE)) {
+ $s = file_get_contents(HVDEF_UPD_STATUS_FILE);
+ }
+ return str_replace( "\n", "<br />", $s );
}
-# ------------------------------------------------------------------------------
-
-/* start service */
-if($_POST['start'] != '') {
- #start_service($_POST['start']);
- if (file_exists(HVDEF_HAVP_STARTUP_SCRIPT)) {
- mwexec_bg (HVDEF_HAVP_STARTUP_SCRIPT . " start");
- sleep(3);
- }
-} else
-/* restart service */
-if($_POST['restart'] != '') {
- #restart_service($_POST['restart']);
- if (file_exists(HVDEF_HAVP_STARTUP_SCRIPT)) {
- mwexec_bg (HVDEF_HAVP_STARTUP_SCRIPT . " restart");
- sleep(3);
- }
-} else
-/* stop service */
-if($_POST['stop'] != '') {
- #stop_service($_POST['stop']);
- if (file_exists(HVDEF_HAVP_STARTUP_SCRIPT)) {
- mwexec_bg (HVDEF_HAVP_STARTUP_SCRIPT . " stop");
- sleep(3);
- }
+/* ------------------------------------------------------------------------------ */
+
+/* Start service */
+if ($_POST['start'] != '') {
+ // start_service($_POST['start']);
+ if (file_exists(HVDEF_HAVP_STARTUP_SCRIPT)) {
+ mwexec_bg (HVDEF_HAVP_STARTUP_SCRIPT . " start");
+ sleep(3);
+ }
+/* Restart service */
+} elseif ($_POST['restart'] != '') {
+ // restart_service($_POST['restart']);
+ if (file_exists(HVDEF_HAVP_STARTUP_SCRIPT)) {
+ mwexec_bg (HVDEF_HAVP_STARTUP_SCRIPT . " restart");
+ sleep(3);
+ }
+/* Stop service */
+} elseif ($_POST['stop'] != '') {
+ // stop_service($_POST['stop']);
+ if (file_exists(HVDEF_HAVP_STARTUP_SCRIPT)) {
+ mwexec_bg (HVDEF_HAVP_STARTUP_SCRIPT . " stop");
+ sleep(3);
+ }
}
/* Scan start */
if ($_POST['scanpath'] != '') {
$scandir = $_POST['scanpath'];
- if(function_exists("start_antivirus_scanner")) {
+ if (function_exists("start_antivirus_scanner")) {
start_antivirus_scanner($scandir);
- }
- else echo "No 'start_antivirus_scanner' function found.";
+ }
}
/* Start AV Update */
if ($_POST['startupdate'] != '') {
- if( function_exists("havp_update_AV")) {
- havp_update_AV();
- }
-# else echo "No 'start_antivirus_scanner' function found.";
+ if (function_exists("havp_update_AV")) {
+ havp_update_AV();
+ }
}
/* Clear havp access log */
if ($_POST['clearlog_x'] != '') {
- file_put_contents(HVDEF_HAVP_ACCESSLOG, '');
+ file_put_contents(HVDEF_HAVP_ACCESSLOG, '');
}
-# ------------------------------------------------------------------------------
+/* ------------------------------------------------------------------------------ */
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<?php
-if (pfsense_version_A() == '1') {
- echo "<p class=\"pgtitle\">$pgtitle</p>";
-}
-?>
-
<form action="antivirus.php" method="post">
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<!-- Tabs -->
- <tr>
- <td>
+<tr><td>
<?php
$tab_array = array();
$tab_array[] = array(gettext("General page"), true, "antivirus.php");
- $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml&amp;id=0");
- $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml&amp;id=0");
- $tab_array[] = array(gettext("HAVP Log"), false, "havp_log.php");
+ $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml");
+ $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml");
+ $tab_array[] = array(gettext("HAVP Log"), false, "havp_log.php?logtab=havp");
+ $tab_array[] = array(gettext("Clamd Log"), false, "havp_log.php?logtab=clamd");
display_top_tabs($tab_array);
?>
- </td>
- </tr>
- <tr><td><div id="mainarea"><table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" valign="top">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
-<!-- Service -->
- <tr>
- <td class="listhdrr">Service</td>
- <td class="listhdrr">Status </td>
- <td class="listhdrr">&nbsp; </td>
- <td class="listhdrr">Version</td>
-<!-- <td class="listhdrr">Settings</td> -->
- </tr>
- <tr>
- <td class="listlr">HTTP Antivirus Proxy ( <?php echo(havp_status()); ?> )</td>
- <td class="listr" ><center>
- <?php
- $running = (is_service_running("havp", $ps) or is_process_running("havp"));
- if ($running)
- echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass.gif\" > Running";
- else echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_block.gif\"> Stopped";
- ?>
- </td>
- <td class="listr" nowrap>
- <?php
- if($running) {
- echo "<input title='Restart Service' name='restart' type='image' value='havp' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_restart.gif'>";
- echo "&nbsp";
- echo "<input title='Stop Service' name='stop' type='image' value='havp' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_stop.gif'>";
- } else echo "<input title='Start Service' name='start' type='image' value='havp' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'>";
- ?>
- </td>
- <td class="listr">
- <?php echo exec("pkg_info | grep \"[h]avp\""); ?>
- </td>
-<!--
- <td class="listr">
- <a href="/pkg_edit.php?xml=havp.xml&amp;id=0">
- <?php echo "<input height=14 title='Show Proxy settings page' name='scan' type='image' value='scan' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'>"; ?>
- <font size="2">&nbsp;Proxy Settings</size>
- </a>
- </td>
--->
- </tr>
- <tr>
- <td class="listlr">Antivirus Server ( <?php echo(clamd_status()); ?> )</td>
- <td class="listr"><center>
- <?php
- $running = (is_service_running("clamd", $ps) or is_process_running("clamd"));
- if ($running)
- echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass.gif\" > Running";
- else echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_block.gif\"> Stopped";
- ?>
- </td>
- <td class="listr">&nbsp;</td>
- <td class="listr">
- <?php echo exec("clamd -V"); ?>
- </td>
-<!--
- <td class="listr">
- <a href="/pkg_edit.php?xml=havp_avset.xml&id=0">
- <?php echo "<input height=14 title='Show Antivirus settings page' name='scan' type='image' value='scan' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'>"; ?>
- <font size="2">&nbsp;Antivirus Settings</size>
- </a>
- </td>
--->
- </tr>
-
- <tr><td>&nbsp;</td></tr>
-<!-- Update -->
- <tr>
- <td class="listhdrr" colspan="3">Antivirus Update</td>
- <td class="listhdrr" colspan="1">Update status</td></tr>
- </tr>
- <tr>
- <td class="listlr" colspan="3" nowrap>
- <?php echo "<input height=14 title='Start antivirus update' name='startupdate' type='image' value='startupdate' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'>"; ?>
- <font size="-1">&nbsp;Start Update</font>
- </td>
- <td class="listr" colspan="1">
- <?php echo avupdate_status(); ?>
- </td>
- </tr>
- <tr>
- <td class="listlr"colspan="3">Antivirus Base Info</td>
- <td colspan="1">
- <table width="100%" border="0" cellspacing="0" cellpadding="1" ><tbody>
- <tr align="center"><td class="listhdrr">Database</td><td class="listhdrr">Date</td><td class="listhdrr">Size</td><td class="listhdrr">Ver.</td><td class="listhdrr">Signatures</td><td class="listhdrr">Builder</td></tr>
- <?php echo get_avdb_info(); ?>
- </tbody></table>
- </td>
- </tr>
- <tr><td>&nbsp;</td></tr>
-<!-- File Scanner -->
- <tr>
- <td class="listhdrr" colspan="3">File scanner</td>
- <td class="listhdrr" colspan="1">Scanner status</td>
- </tr>
- <tr>
- <td class="vtable" colspan="3">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td class="listlr">
- &nbsp;Path: <br>
- <input size="60%" id="scanpath" name="scanpath" value=""><br>
- &nbsp;Enter file path or catalog for scanning.
- <hr>
- <?php
- $scanlist = get_scanlist();
- if (is_array($scanlist))
- foreach($scanlist as $scan) {
- echo "<span onclick=\"document.getElementById('scanpath').value='{$scan['path']}';\" style=\"cursor: pointer;\">\n";
- echo "<img src='./themes/".$g['theme']."/images/icons/icon_pass.gif'>\n";
- echo "<u>{$scan['descr']}</u>\n";
- echo "</span>";
- echo "<br>";
- }
- ?>
- </td>
- </tr>
- <tr>
- <td class="vncellr" nowrap>
- <?php echo "<input height=14 title='Scan selected file or catalog' name='scan' type='image' value='scan' border=0 src='./themes/".$g['theme']."/images/icons/icon_service_start.gif'>"; ?>
- <font size="-1">&nbsp;Start Scanner</font>
- </td>
- </tr>
- </table>
- </td>
- <td class="listr" colspan="1">
- <?php echo get_scan_log(); ?>
- </td>
- </tr>
- <tr><td>&nbsp;</td></tr>
-<!-- Last Viruses -->
- <tr>
- <td colspan="4">
- <table width="100%" border="0" cellspacing="0" cellpadding="1" ><tbody>
- <tr class="vncellt"><td class="listhdrr" colspan="4">Last Viruses</td></tr>
- <?php
- $count = 30;
- $stl = "style='padding-right: 4px;'";
- $s = get_av_viruslog();
- krsort($s); # reverse sort
- if (is_array($s) && !empty($s)) {
- foreach($s as $val) {
- if (!$count) break;
- $ln = explode(' ', $val);
- echo "<tr><td nowrap $stl>{$ln[0]} {$ln[1]}</td><td nowrap $stl>{$ln[2]}</td><td>{$ln[5]}</td><td nowrap>{$ln[9]}</td></tr>";
- $count--;
- }
- }
- else echo "<tr><td $stl>Not found</td></tr>";
- ?>
- <tr class="listr"><td class="listr" colspan="4"><?php echo get_av_statistic(); ?><?php echo "<div style='float:right;'><input title='Clear antivirus log' name='clearlog' type='image' value='havp' border=0 src='./themes/".$g['theme']."/images/icons/icon_x.gif'>"; ?><font size="-1">&nbsp;Clear log</font></div></td></tr>
- </tbody></table>
- </td>
- </tr>
- </table>
- </td>
- </tr>
+</td></tr>
+<tr><td>
+<div id="mainarea"><table width="100%" border="0" cellpadding="0" cellspacing="0">
+<tr><td class="tabcont" valign="top">
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <!-- Service -->
+ <tr>
+ <td class="listhdrr">Service</td>
+ <td class="listhdrr">Status </td>
+ <td class="listhdrr">&nbsp; </td>
+ <td class="listhdrr">Version</td>
+ <!-- <td class="listhdrr">Settings</td> -->
+ </tr>
+ <tr>
+ <td class="listlr">HTTP Antivirus Proxy ( <?php echo(havp_status()); ?> )</td>
+ <td class="listr" ><center>
+ <?php
+ $running = (is_service_running("havp", $ps) or is_process_running("havp"));
+ if ($running) {
+ echo "<img src=\"/themes/" . $g['theme'] . "/images/icons/icon_pass.gif\" alt=\"\" /> Running";
+ } else {
+ echo "<img src=\"/themes/" . $g['theme'] . "/images/icons/icon_block.gif\" alt=\"\" /> Stopped";
+ }
+ ?>
+ </td>
+ <td class="listr" nowrap="nowrap">
+ <?php
+ if ($running) {
+ echo "<input title='Restart Service' name='restart' type='image' value='havp' src='./themes/" . $g['theme'] . "/images/icons/icon_service_restart.gif' />";
+ echo "&nbsp";
+ echo "<input title='Stop Service' name='stop' type='image' value='havp' src='./themes/" . $g['theme'] . "/images/icons/icon_service_stop.gif' />";
+ } else {
+ echo "<input title='Start Service' name='start' type='image' value='havp' src='./themes/" . $g['theme'] . "/images/icons/icon_service_start.gif' />";
+ }
+ ?>
+ </td>
+ <td class="listr">
+ <!-- Obviously broken on any 2.2+ version -->
+ <?php echo exec("pkg_info | grep \"[h]avp\""); ?>
+ </td>
+ <!--
+ <td class="listr">
+ <a href="/pkg_edit.php?xml=havp.xml">
+ <?php echo "<input height='14' title='Show Proxy settings page' name='scan' type='image' value='scan' src='./themes/" . $g['theme'] . "/images/icons/icon_service_start.gif' />"; ?>
+ &nbsp;Proxy Settings
+ </a>
+ </td>
+ -->
+ </tr>
+ <tr>
+ <td class="listlr">Antivirus Server ( <?php echo(clamd_status()); ?> )</td>
+ <td class="listr"><center>
+ <?php
+ $running = (is_service_running("clamd", $ps) or is_process_running("clamd"));
+ if ($running) {
+ echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_pass.gif\" alt=\"\" /> Running";
+ } else {
+ echo "<img src=\"/themes/" . $g["theme"] . "/images/icons/icon_block.gif\" alt=\"\" /> Stopped";
+ }
+ ?>
+ </td>
+ <td class="listr">&nbsp;</td>
+ <td class="listr">
+ <?php echo exec("clamd -V"); ?>
+ </td>
+ <!--
+ <td class="listr">
+ <a href="/pkg_edit.php?xml=havp_avset.xml">
+ <?php echo "<input height='14' title='Show Antivirus settings page' name='scan' type='image' value='scan' src='./themes/" . $g['theme'] . "/images/icons/icon_service_start.gif' />"; ?>
+ &nbsp;Antivirus Settings
+ </a>
+ </td>
+ -->
+ </tr>
+
+ <tr><td>&nbsp;</td></tr>
+ <!-- Update -->
+ <tr>
+ <td class="listhdrr" colspan="3">Antivirus Update</td>
+ <td class="listhdrr" colspan="1">Update Status</td>
+ </tr>
+ <tr>
+ <td class="listlr" colspan="3" nowrap="nowrap">
+ <?php echo "<input height='14' title='Start antivirus update' name='startupdate' type='image' value='startupdate' src='./themes/" . $g['theme'] . "/images/icons/icon_service_start.gif' />"; ?>
+ &nbsp;Start Update
+ </td>
+ <td class="listr" colspan="1">
+ <?php echo avupdate_status(); ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="listlr"colspan="3">Antivirus Base Info</td>
+ <td colspan="1">
+ <table width="100%" border="0" cellspacing="0" cellpadding="1" ><tbody>
+ <tr align="center">
+ <td class="listhdrr">Database</td>
+ <td class="listhdrr">Date</td>
+ <td class="listhdrr">Size</td>
+ <td class="listhdrr">Ver.</td>
+ <td class="listhdrr">Signatures</td>
+ <td class="listhdrr">Builder</td>
+ </tr>
+ <?php echo get_avdb_info(); ?>
+ </tbody></table>
+ </td>
+ </tr>
+
+ <tr><td>&nbsp;</td></tr>
+ <!-- File Scanner -->
+ <tr>
+ <td class="listhdrr" colspan="3">File Scanner</td>
+ <td class="listhdrr" colspan="1">Scanner Status</td>
+ </tr>
+ <tr>
+ <td class="vtable" colspan="3">
+ <table width="100%" border="0" cellpadding="6" cellspacing="0">
+ <tr>
+ <td class="listlr">
+ &nbsp;Path: <br />
+ <input size="60%" id="scanpath" name="scanpath" value="" /><br />
+ &nbsp;Enter file path or catalog for scanning.
+ <hr />
+ <?php
+ $scanlist = get_scanlist();
+ if (is_array($scanlist)) {
+ foreach ($scanlist as $scan) {
+ echo "<span onclick=\"document.getElementById('scanpath').value='{$scan['path']}';\" style=\"cursor: pointer;\">\n";
+ echo "<img src='./themes/" . $g['theme'] . "/images/icons/icon_pass.gif' alt='' />\n";
+ echo "<span style='text-decoration: underline;'>{$scan['descr']}</span>\n";
+ echo "</span>";
+ echo "<br />";
+ }
+ }
+ ?>
+ </td>
+ </tr>
+ <tr>
+ <td class="vncellr" nowrap="nowrap">
+ <?php echo "<input height='14' title='Scan selected file or catalog' name='scan' type='image' value='scan' src='./themes/" . $g['theme'] . "/images/icons/icon_service_start.gif' />"; ?>
+ &nbsp;Start Scanner
+ </td>
+ </tr>
+ </table>
+ </td>
+ <td class="listr" colspan="1">
+ <?php echo get_scan_log(); ?>
+ </td>
+ </tr>
+
+ <tr><td>&nbsp;</td></tr>
+ <!-- Last Viruses -->
+ <tr>
+ <td colspan="4">
+ <table width="100%" border="0" cellspacing="0" cellpadding="1" >
+ <tbody>
+ <tr class="vncellt">
+ <td class="listhdrr" colspan="4">Last Viruses</td>
+ </tr>
+ <?php
+ $count = 30;
+ $stl = "style='padding-right: 4px;'";
+ $s = get_av_viruslog();
+ // reverse sort
+ krsort($s);
+ if (is_array($s) && !empty($s)) {
+ foreach ($s as $val) {
+ if (!$count) {
+ break;
+ }
+ $ln = explode(' ', $val);
+ echo "<tr><td nowrap='nowrap' $stl>{$ln[0]} {$ln[1]}</td><td nowrap='nowrap' $stl>{$ln[2]}</td><td>{$ln[5]}</td><td nowrap='nowrap'>{$ln[9]}</td></tr>";
+ $count--;
+ }
+ } else {
+ echo "<tr><td $stl>Not found</td></tr>";
+ }
+ ?>
+ <tr class="listr">
+ <td class="listr" colspan="4">
+ <?php echo get_av_statistic(); ?>
+ <?php echo "<div style='float: right;'><input title='Clear antivirus log' name='clearlog' type='image' value='havp' src='./themes/" . $g['theme'] . "/images/icons/icon_x.gif' />"; ?>&nbsp;Clear log</div>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </table>
+
+</td></tr>
+</table>
+
+</div>
+
+</tr></td>
</table>
-</div></tr></td></table>
</form>
<?php include("fend.inc"); ?>
-<script type="text/javascript">
- NiftyCheck();
- Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth");
+<script type="text/javascript">
+//<![CDATA[
+ NiftyCheck();
+ Rounded("div#mainarea","bl br","#FFF","#eeeeee","smooth");
+//]]>
</script>
</body>
diff --git a/config/havp/havp.inc b/config/havp/havp.inc
index e7966a38..e097e122 100644
--- a/config/havp/havp.inc
+++ b/config/havp/havp.inc
@@ -1,35 +1,33 @@
<?php
/*
- havp.inc
- Part of pfSense package
- Copyright (C) 2009 Serg Dvorianceev
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ havp.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009-2010 Sergey Dvoriancev <dv_serg@mail.ru>
+ Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-
-/* ! for HAVP v.0.88 ! */
-/* ! Real virus collection for tests http://www.nvkz.kuzbass.net/as/ ! */
-
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
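Review bot: The rewritten header drops `/* ! for HAVP v.0.88 ! */` and puts nothing in its place, so after this hunk the file no longer says which HAVP release its settings were written against. If the package still targets a specific release, I would keep a one-line marker directly below the licence block, e.g. `/* Written for HAVP <version>; re-check the havp.config options when the port is updated */`, with the version filled in by someone who knows what the port currently ships. Dropping the pointer to a real-virus test collection from the source is reasonable and needs no replacement. As a nit, the trailing period after the e-mail address in the added 2014 copyright line is inconsistent with the copyright lines around it.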
@@ -38,941 +36,980 @@ require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('service-utils.inc');
-if(!function_exists("filter_configure"))
- require_once("filter.inc");
-
-# ------------------------------------------------------------------------------
-# globals
-# ------------------------------------------------------------------------------
-# Debug / uncomment next for debug /
-define('HV_DEBUG', 'false');
-
-# use Clamd daemon (another - use libclam)
-# define('HV_USE_CLAMD', 'true');
-define('HV_CLAMD_TCPSOCKET', 'true');
-
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# RAM Disk - use as 'tmp' dir for more quick work
-# note: this options allow RAM Disk allocation
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# set 'true' for enable RAM Disk
-define('HV_USE_TMPRAMDISK', 'true');
-# set 'false' for disable RAM Disk on VM (if you have troubles on VM)
-define('HV_VM_TMPRAMDISK', 'true');
-
-# ------------------------------------------------------------------------------
-# forms
-# ------------------------------------------------------------------------------
-define('HVFORM_HAVP', 'havp');
-define('HVFORM_FSCAN', 'havpfscan');
-define('HVFORM_AVSET', 'havpavset');
-
-# ------------------------------------------------------------------------------
-# defines
-# ------------------------------------------------------------------------------
-# havp
-define('HVDEF_ADDR', '127.0.0.1');
-define('HVDEF_PROXYPORT', '8080');
-define('HVDEF_MAXSCANSIZE', '5000000'); # [bytes] ! do not enter 0 or big size !
-define('HVDEF_MAXARCSCANSIZE', '5000000'); # [bytes] ! do not enter 0 or big size !
-define('HVDEF_PID_FILE', '/var/run/havp.pid');
-
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2")
- define("HVDEF_WORK_DIR", "/usr/pbi/havp-" . php_uname("m") . "/local/etc");
- else
- define("HVDEF_WORK_DIR", "/usr/local/etc/havp");
-
-
-$pfSversion = str_replace("\s", "", file_get_contents("/etc/version"));
-if(preg_match("/^2./",$pfSversion))
- define('HVDEF_LOG_DIR', '/var/log/havp');
-else
- define('HVDEF_LOG_DIR', '/var/log');
-
-define('HVDEF_TEMP_DIR', '/var/tmp');
-define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR.'/havp');
-define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR.'/havpRAM');
-define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX');
-define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates');
-define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
-define('HVDEF_FILTER_RULES', '/tmp/rules.havp');
-define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR.'/havp.config');
-define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR.'/havp_conf.xml');
-define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR.'/whitelist');
-define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR.'/blacklist');
-define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR .'/access.log');
-define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR .'/havp.log');
-define('HVDEF_HAVP_MINSRV', '3');
-define('HVDEF_HAVP_MAXSRV', '100');
-
-# Clam
-define('HVDEF_CLAM_RUNDIR', '/var/run/clamav');
-#define('HVDEF_CLAM_RUNDIR', '/var/run');
-define('HVDEF_CLAM_DBDIR', '/var/db/clamav');
-if(preg_match("/^2./",$pfSversion))
- define('HVDEF_AVLOG_DIR', '/var/log/clamav');
-else
- define('HVDEF_AVLOG_DIR', '/var/log');
-
-define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR.'/clamd.sock');
-define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR.'/clamd.pid');
-define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log');
-define('HVDEF_CLAM_WORKDIR', '/usr/local/etc');
-define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf');
-define('HVDEF_CLAM_TCPSOCKET', '3310');
-define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
-define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log');
-define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log');
-define('HVDEF_STATUS_FILE', '/var/tmp/havp.status');
-
-# script's
-define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d');
-define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam');
-define('HVDEF_FILTER_RESYNC_SCRIPT', '/usr/local/pkg/pf/havp_filter_resync.sh');
-define('HVDEF_HAVP_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/havp.sh');
-define('HVDEF_CLAM_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/clamd');
-define('HVDEF_AVUPD_SCRIPT', HVDEF_SCRIPT_DIR . '/havp_avupdate');
-
-# status
-define('HVDEF_HAVP_STATUS_FILE', '/tmp/havp.status');
-define('HVDEF_CLAM_STATUS_FILE', '/tmp/clam.status');
-define('HVDEF_UPD_STATUS_FILE', '/tmp/havp.update.status');
-define('HVDEF_FRESHCLAM_STATUS_FILE', '/tmp/havp.freshclam.status');
-
-# cron
-define('HVDEF_CLAM_UPD_CRONNAME', 'havp_clam_update');
-define('HVDEF_CLAM_UPD_CRONCMD', HVDEF_SCRIPT_DIR . HVDEF_AVCRON_SCRIPT . " start");
-define('HVDEF_CLAM_UPD_CRONKEY', HVDEF_AVCRON_SCRIPT);
-
-# user
-define('HVDEF_USER', 'havp');
-define('HVDEF_GROUP', 'havp');
-define('HVDEF_AVUSER', HVDEF_USER);
-
-# fields
-define('HV_SCANTEMPFILE', 'hv_scan_tempfile');
-
-# ------------------------------------------------------------------------------
-# XML fields
-# ------------------------------------------------------------------------------
-define('F_ENABLE', 'enable');
-define('F_USECLAMD', 'useclamd');
-define('F_PROXYMODE', 'proxymode');
-define('F_PROXYINTERFACE', 'proxyinterface');
-define('F_PROXYBINDIFACE', 'proxybindiface'); # internal var
-define('F_PROXYPORT', 'proxyport');
-define('F_PARENTPROXY', 'parentproxy');
-define('F_LANGUAGE', 'lang');
-define('F_MAXDOWNLOADSIZE', 'maxdownloadsize');
-define('F_RANGE', 'range');
-define('F_WHITELIST', 'whitelist');
-define('F_BLACKLIST', 'blacklist');
-define('F_ENABLEFORWARDEDIP', 'enableforwardedip');
-define('F_ENABLEXFORWARDEDFOR', 'enablexforwardedfor');
-define('F_ENABLERAMDISK', 'enableramdisk');
-# scanner
-define('F_FAILSCANERROR', 'failscanerror');
-define('F_SCANMAXSIZE', 'scanmaxsize');
-define('F_SCANIMG', 'scanimg');
-define('F_SCANARC', 'scanarc');
-define('F_SCANSTREAM', 'scanstream');
-define('F_SCANARCMAXSIZE', 'scanarcmaxsize');
-define('F_SCANBROKENEXE', 'scanbrokenexe');
-# antivirus options
-define('F_HAVPUPDATE', 'havpavupdate');
-define('F_DBREGION', 'dbregion');
-define('F_AVUPDATESERVER', 'avupdateserver');
-# log
-define('F_SYSLOG', 'syslog');
-define('F_LOG', 'log');
-define('F_AVSETSYSLOG', 'avsetsyslog');
-define('F_AVSETLOG', 'avsetlog');
-#
-define('F_TEMPLATEPATH', 'templatepath'); # internal var
-# file scanner [HVFORM_FSCAN]
-define('F_SCANFILEPATH', 'scanfilepath');
-# ���� ��������� ��� ��� � ��� � ��� ������
-define('F_DISABLEXFORWARD', 'disablexforward'); # + forwarded ip
-define('F_FORWARDEDIP', 'forwardedip');
-
-# ------------------------------------------------------------------------------
-# global config
-# ------------------------------------------------------------------------------
+/*
+* ------------------------------------------------------------------------------
+* Globals
+* ------------------------------------------------------------------------------
+* Set to true to enable debug
+*/
+define('HV_DEBUG', 'false');
+
+/* Use clamd daemon or libclam */
+//define('HV_USE_CLAMD', 'true');
+define('HV_CLAMD_TCPSOCKET', 'true');
+
+/*
+* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* RAM Disk - use as 'tmp' dir for faster scanning
+* Note: these options allow RAM Disk allocation
+* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+* Set 'true' to enable RAM Disk
+*/
+define('HV_USE_TMPRAMDISK', 'true');
+/* Set 'false' to disable RAM Disk on VM in case you have troubles */
+define('HV_VM_TMPRAMDISK', 'true');
+
+/*
+* ------------------------------------------------------------------------------
+* Forms
+* ------------------------------------------------------------------------------
+*/
+define('HVFORM_HAVP', 'havp');
+define('HVFORM_FSCAN', 'havpfscan');
+define('HVFORM_AVSET', 'havpavset');
+
+/*
+* ------------------------------------------------------------------------------
+* Defines
+* ------------------------------------------------------------------------------
+*/
+/* HAVP */
+global $pf_version;
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+define('HVDEF_ADDR', '127.0.0.1');
+define('HVDEF_PROXYPORT', '8080');
+define('HVDEF_MAXSCANSIZE', '5000000'); // [bytes] ! do not enter 0 or big size !
+define('HVDEF_MAXARCSCANSIZE', '5000000'); // [bytes] ! do not enter 0 or big size !
+define('HVDEF_PID_FILE', '/var/run/havp.pid');
+
+if ($pf_version == "2.1" || $pf_version == "2.2") {
+ define("HVDEF_WORK_DIR", "/usr/pbi/havp-" . php_uname("m") . "/local/etc");
+ define("HVDEF_HAVP_PATH", "/usr/pbi/havp-" . php_uname("m") . "/local/sbin/havp");
+ define('HVDEF_TEMPLATES', "/usr/pbi/havp-" . php_uname("m") . "/local/share/examples/havp/templates");
+ define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
+} else {
+ define("HVDEF_WORK_DIR", "/usr/local/etc/havp");
+ define('HVDEF_TEMPLATES', '/usr/local/share/examples/havp/templates');
+ define("HVDEF_HAVP_PATH", "/usr/local/sbin/havp");
+ define('HVDEF_TEMPLATES_EX', HVDEF_TEMPLATES . '_ex');
+}
+
+define('HVDEF_LOG_DIR', '/var/log/havp');
+define('HVDEF_TEMP_DIR', '/var/tmp');
+define('HVDEF_HAVPTEMP_DIR', HVDEF_TEMP_DIR . '/havp');
+define('HVDEF_RAMTEMP_DIR', HVDEF_TEMP_DIR . '/havpRAM');
+define('HVDEF_SCANTEMPFILE', '/havp-XXXXXX');
+define('HVDEF_HAVP_CONFIG', HVDEF_WORK_DIR . '/havp.config');
+define('HVDEF_HAVP_XMLCONF', HVDEF_WORK_DIR . '/havp_conf.xml');
+define('HVDEF_HAVP_WHITELIST', HVDEF_WORK_DIR . '/whitelist');
+define('HVDEF_HAVP_BLACKLIST', HVDEF_WORK_DIR . '/blacklist');
+define('HVDEF_HAVP_ACCESSLOG', HVDEF_LOG_DIR . '/access.log');
+define('HVDEF_HAVP_ERRORLOG', HVDEF_LOG_DIR . '/havp.log');
+define('HVDEF_HAVP_MINSRV', '3');
+define('HVDEF_HAVP_MAXSRV', '100');
+
+/* ClamAV */
+define('HVDEF_CLAM_RUNDIR', '/var/run/clamav');
+define('HVDEF_CLAM_DBDIR', '/var/db/clamav');
+define('HVDEF_AVLOG_DIR', '/var/log/clamav');
+define('HVDEF_CLAM_SOCKET', HVDEF_CLAM_RUNDIR . '/clamd.sock');
+define('HVDEF_CLAM_PID', HVDEF_CLAM_RUNDIR . '/clamd.pid');
+define('HVDEF_CLAM_LOG', HVDEF_AVLOG_DIR . '/clamd.log');
+if ($pf_version == "2.1" || $pf_version == "2.2") {
+ define('HVDEF_CLAM_WORKDIR', HVDEF_WORK_DIR);
+ define('HVDEF_CLAM_CONFIG', HVDEF_WORK_DIR . '/clamd.conf');
+ define('HVDEF_FRESHCLAM_CONF', HVDEF_WORK_DIR . '/freshclam.conf');
+ define("HVDEF_CLAMD_PATH", "/usr/pbi/havp-" . php_uname("m") . "/local/sbin/clamd");
+ define('HVDEF_FRESHCLAM_PATH', "/usr/pbi/havp-" . php_uname("m") . "/local/bin/freshclam");
+ define('HVDEF_SIGTOOL_PATH', "/usr/pbi/havp-" . php_uname("m") . "/local/bin/sigtool");
+} else {
+ define('HVDEF_CLAM_WORKDIR', '/usr/local/etc');
+ define('HVDEF_CLAM_CONFIG', '/usr/local/etc/clamd.conf');
+ define('HVDEF_FRESHCLAM_CONF', '/usr/local/etc/freshclam.conf');
+ define("HVDEF_CLAMD_PATH", "/usr/local/sbin/clamd");
+ define('HVDEF_FRESHCLAM_PATH', "/usr/local/bin/freshclam");
+ define('HVDEF_SIGTOOL_PATH', "/usr/local/bin/sigtool");
+}
+define('HVDEF_CLAM_TCPSOCKET', '3310');
+define('HVDEF_FRESHCLAM_LOG', HVDEF_AVLOG_DIR . '/freshclam.log');
+define('HVDEF_CLAMSCAN_LOG', '/var/log/clamscan.log');
+define('HVDEF_STATUS_FILE', '/var/tmp/havp.status');
+
+/* Scripts */
+define('HVDEF_SCRIPT_DIR', '/usr/local/etc/rc.d');
+define('HVDEF_AVCRON_SCRIPT', '/clamav-freshclam');
+define('HVDEF_HAVP_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/havp.sh');
+define('HVDEF_CLAM_STARTUP_SCRIPT', HVDEF_SCRIPT_DIR . '/clamd');
+define('HVDEF_AVUPD_SCRIPT', HVDEF_SCRIPT_DIR . '/havp_avupdate');
+
+/* Status */
+define('HVDEF_HAVP_STATUS_FILE', '/tmp/havp.status');
+define('HVDEF_CLAM_STATUS_FILE', '/tmp/clam.status');
+define('HVDEF_UPD_STATUS_FILE', '/tmp/havp.update.status');
+define('HVDEF_FRESHCLAM_STATUS_FILE', '/tmp/havp.freshclam.status');
+
+/* Cron */
+define('HVDEF_CLAM_UPD_CRONNAME', 'havp_clam_update');
+define('HVDEF_CLAM_UPD_CRONCMD', HVDEF_SCRIPT_DIR . HVDEF_AVCRON_SCRIPT . " start");
+define('HVDEF_CLAM_UPD_CRONKEY', HVDEF_AVCRON_SCRIPT);
+
+/* User */
+define('HVDEF_USER', 'havp');
+define('HVDEF_GROUP', 'havp');
+define('HVDEF_AVUSER', HVDEF_USER);
+
+define('HV_SCANTEMPFILE', 'hv_scan_tempfile');
+
+/*
+* ------------------------------------------------------------------------------
+* XML fields
+* ------------------------------------------------------------------------------
+*/
+define('F_ENABLE', 'enable');
+define('F_USECLAMD', 'useclamd');
+define('F_PROXYMODE', 'proxymode');
+define('F_PROXYINTERFACE', 'proxyinterface');
+define('F_PROXYBINDIFACE', 'proxybindiface'); // internal var
+define('F_PROXYPORT', 'proxyport');
+define('F_PARENTPROXY', 'parentproxy');
+define('F_LANGUAGE', 'lang');
+define('F_MAXDOWNLOADSIZE', 'maxdownloadsize');
+define('F_RANGE', 'range');
+define('F_WHITELIST', 'whitelist');
+define('F_BLACKLIST', 'blacklist');
+define('F_ENABLEFORWARDEDIP', 'enableforwardedip');
+define('F_ENABLEXFORWARDEDFOR', 'enablexforwardedfor');
+define('F_ENABLERAMDISK', 'enableramdisk');
+/* Scanner */
+define('F_FAILSCANERROR', 'failscanerror');
+define('F_SCANMAXSIZE', 'scanmaxsize');
+define('F_SCANIMG', 'scanimg');
+define('F_SCANARC', 'scanarc');
+define('F_SCANSTREAM', 'scanstream');
+define('F_SCANARCMAXSIZE', 'scanarcmaxsize');
+define('F_SCANBROKENEXE', 'scanbrokenexe');
+/* Antivirus Options */
+define('F_HAVPUPDATE', 'havpavupdate');
+define('F_DBREGION', 'dbregion');
+define('F_AVUPDATESERVER', 'avupdateserver');
+/* Logging */
+define('F_SYSLOG', 'syslog');
+define('F_LOG', 'log');
+define('F_AVSETSYSLOG', 'avsetsyslog');
+define('F_AVSETLOG', 'avsetlog');
+
+define('F_TEMPLATEPATH', 'templatepath'); // internal var
+/* File Scanner [HVFORM_FSCAN] */
+define('F_SCANFILEPATH', 'scanfilepath');
+define('F_DISABLEXFORWARD', 'disablexforward');
+define('F_FORWARDEDIP', 'forwardedip');
+
+/*
+* ------------------------------------------------------------------------------
+* Global Config
+* ------------------------------------------------------------------------------
+*/
$havp_config = array();
$havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE;
-# ------------------------------------------------------------------------------
-# Initialization
-# ------------------------------------------------------------------------------
+/*
+* ------------------------------------------------------------------------------
+* Initialization
+* ------------------------------------------------------------------------------
+*/
havp_convert_pfxml_xml();
-# ==============================================================================
-# Installation and config
-# ==============================================================================
-function havp_install()
-{
- update_status("HAVP check system..\n");
- havp_check_system();
- havp_fix();
-
- havp_avset_resync();
- havp_update_AV();
+/*
+* ==============================================================================
+* Installation and config
+* ==============================================================================
+*/
+function havp_install() {
+ update_status("HAVP check system ...\n");
+ havp_check_system();
+ // Remove stale scripts
+ unlink_if_exists(HVDEF_SCRIPT_DIR . "/havp");
+ unlink_if_exists(HVDEF_SCRIPT_DIR . "/clamd.sh");
+ havp_avset_resync();
+ havp_update_AV();
- update_status("Start update Antivirus bases. Wait 5-20 min before use ..");
-}
-# ------------------------------------------------------------------------------
-function havp_deinstall()
-{
- havp_setup_cron(HVDEF_AVUPD_SCRIPT,"", "");
- mwexec("killall -9 havp");
- mwexec("rm -rf " . HVDEF_HAVP_STARTUP_SCRIPT);
- mwexec("rm -rf " . HVDEF_FILTER_RESYNC_SCRIPT);
- mwexec("rm -rf " . HVDEF_PID_FILE);
-# mwexec("rm -rf " . HVDEF_CLAM_STARTUP_SCRIPT);
-# mwexec("rm -rf " . HVDEF_AVUPD_SCRIPT);
-# mwexec("rm -rf " . HVDEF_CLAM_PID);
-# mwexec("rm -rf " . HVDEF_CLAM_SOCKET);
- umountRAMDisk();
+ update_status("Starting update of AV databases. Wait 5-20 min before use ...");
}
-# ==============================================================================
-# Events
-# ==============================================================================
-# before form
-# ------------------------------------------------------------------------------
-function havp_before_form(&$pkg)
-{
+
+function havp_deinstall() {
+ $crontask = "/usr/bin/nice -n20 " . HVDEF_AVUPD_SCRIPT;
+ install_cron_job($crontask, false);
+ mwexec("/usr/bin/killall -9 havp");
+ unlink_if_exists(HVDEF_HAVP_STARTUP_SCRIPT);
+ unlink_if_exists(HVDEF_PID_FILE);
+ // unlink_if_exists(HVDEF_CLAM_STARTUP_SCRIPT);
+ // unlink_if_exists(HVDEF_AVUPD_SCRIPT);
+ // unlink_if_exists(HVDEF_CLAM_PID);
+ // unlink_if_exists(HVDEF_CLAM_SOCKET);
+ if (is_dir("/usr/local/share/examples/havp/")) {
+ mwexec("/bin/rm -rf /usr/local/share/examples/havp/");
+ }
+ umountRAMDisk();
}
-# ------------------------------------------------------------------------------
-function havp_fscan_before_form(&$pkg)
-{
- if(is_array($pkg['fields']['field'])) {
- foreach($pkg['fields']['field'] as $key => $field) {
- if ($field['fieldname'] === F_SCANFILEPATH) {
- $pkg['fields']['field'][$key]['description'] .= havp_fscan_html();
- break;
- }
- }
- }
+/*
+* ==============================================================================
+* Events
+* ==============================================================================
+* Before form
+* ------------------------------------------------------------------------------
+*/
+function havp_fscan_before_form(&$pkg) {
+ if (is_array($pkg['fields']['field'])) {
+ foreach ($pkg['fields']['field'] as $key => $field) {
+ if ($field['fieldname'] === F_SCANFILEPATH) {
+ $pkg['fields']['field'][$key]['description'] .= havp_fscan_html();
+ break;
+ }
+ }
+ }
}
-# ------------------------------------------------------------------------------
-# validation
-# ------------------------------------------------------------------------------
-function havp_validate_settings($post, &$input_errors)
-{
- $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
-
- # manual update AV database
- if ($submit === 'Update_AV') {
- havp_update_AV();
- }
- # Scan file or dir
- elseif($submit === 'Start_scan') {
- if (file_exists($post[F_SCANFILEPATH]))
- start_antivirus_scanner($post[F_SCANFILEPATH]);
- else $input_errors[] = "File or path not exists '{$post[F_SCANFILEPATH]}'.";
- }
- else {
- # ifaces
- if (!isset($post[F_PROXYINTERFACE]) || empty($post[F_PROXYINTERFACE])) {
- $post[F_PROXYINTERFACE] = "lan";
- }
-
- # port validate
- $prxport = trim($post[F_PROXYPORT]);
- if (!empty($prxport) && !is_port($prxport))
- $input_errors[] = 'You must enter a valid port number in the \'Proxy port\' field';
-
- # parent proxy validate
- $parent = trim($post[F_PARENT]);
-
- # max download size validate
- $maxval = trim($post[F_MAXDOWNLOADSIZE]);
- if (!empty($maxval) && !is_numericint($maxval)) # is_port - validate value
- $input_errors[] = 'You must enter a valid numeric value in \'Max download size\' field.';
-
- # scan max file size validate
- $maxval = trim($post[F_SCANMAXSIZE]);
- if (!empty($maxval) && !is_numericint($maxval)) # is_port - validate value
- $input_errors[] = 'You must enter a valid numeric value in \'Scan max file size\' field.';
-
- # whitelist validate
- $lst = str_replace(array(" ", ";"), "\n", $post[F_WHITELIST]);
- $lst = explode("\n", $lst);
- foreach ($lst as $dm) {
- $dm = trim($dm);
- if ($dm && check_bw_domain($dm) === false)
- $input_errors[] = "Invalid whitelist element '$dm'. Example: '*domain.com, domain.com/*path*'.";
- }
-
- # blacklist validate
- $lst = str_replace(array(" ", ";"), "\n", $post[F_BLACKLIST]);
- $lst = explode("\n", $lst);
- foreach ($lst as $dm) {
- $dm = trim($dm);
- if ($dm && check_bw_domain($dm) === false)
- $input_errors[] = "Invalid blacklist element '$dm'. Example: '*domain.com, domain.com/*path*'.";
- }
- }
+/*
+* ------------------------------------------------------------------------------
+* Validation
+* ------------------------------------------------------------------------------
+*/
+function havp_validate_settings($post, &$input_errors) {
+ $submit = isset($_GET['submit']) ? $_GET['submit'] : $_POST['submit'];
+
+ /* Manual AV database update */
+ if ($submit === 'Update_AV') {
+ havp_update_AV();
+ } elseif ($submit === 'Start_scan') {
+ /* Scan file or directory */
+ if (file_exists($post[F_SCANFILEPATH])) {
+ start_antivirus_scanner($post[F_SCANFILEPATH]);
+ } else {
+ $input_errors[] = "File or path does not exist: '{$post[F_SCANFILEPATH]}'.";
+ }
+ } else {
+ /* Interfaces */
+ if (!isset($post[F_PROXYINTERFACE]) || empty($post[F_PROXYINTERFACE])) {
+ $post[F_PROXYINTERFACE] = "lan";
+ }
+ /* Port validation */
+ $prxport = trim($post[F_PROXYPORT]);
+ if (!empty($prxport) && !is_port($prxport)) {
+ $input_errors[] = 'You must enter a valid port number in the \'Proxy Port\' field';
+ }
+
+ /* Parent proxy validation */
+ $parent = trim($post[F_PARENT]);
+
+ /* Max Download Size validation */
+ $maxval = trim($post[F_MAXDOWNLOADSIZE]);
+ if (!empty($maxval) && !is_numericint($maxval)) {
+ $input_errors[] = 'You must enter a valid numeric value in \'Max download size\' field.';
+ }
+
+ /* Scan Max File Size validation */
+ $maxval = trim($post[F_SCANMAXSIZE]);
+ if (!empty($maxval) && !is_numericint($maxval)) {
+ $input_errors[] = 'You must enter a valid numeric value in \'Scan Max File Size\' field.';
+ }
+
+ /* Whitelist validation */
+ $lst = str_replace(array(" ", ";"), "\n", $post[F_WHITELIST]);
+ $lst = explode("\n", $lst);
+ foreach ($lst as $dm) {
+ $dm = trim($dm);
+ if ($dm && check_bw_domain($dm) === false) {
+ $input_errors[] = "Invalid whitelist element: {$dm}. Valid examples: '*domain.com, domain.com/*path*'.";
+ }
+ }
+
+ /* Blacklist validation */
+ $lst = str_replace(array(" ", ";"), "\n", $post[F_BLACKLIST]);
+ $lst = explode("\n", $lst);
+ foreach ($lst as $dm) {
+ $dm = trim($dm);
+ if ($dm && check_bw_domain($dm) === false) {
+ $input_errors[] = "Invalid blacklist element: {$dm}. Valid examples: '*domain.com, domain.com/*path*'.";
+ }
+ }
+ }
}
-# ------------------------------------------------------------------------------
-# resync
-# ------------------------------------------------------------------------------
-function havp_resync()
-{
- global $havp_config;
-
- havp_convert_pfxml_xml();
- havp_check_system();
-
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # whitelist and blacklist
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # also white-listed by default:
- $whitelist = havp_whitelist_def() . "\n" . str_replace(";", "\n", $havp_config[F_WHITELIST]);
- $blacklist = str_replace(";", "\n", $havp_config[F_BLACKLIST]);
- # fix: stupid havp parser - error on 0x0D:
- $whitelist = str_replace("\r", "", $whitelist);
- $blacklist = str_replace("\r", "", $blacklist);
- file_put_contents(HVDEF_HAVP_WHITELIST, $whitelist);
- file_put_contents(HVDEF_HAVP_BLACKLIST, $blacklist);
-
- # reconfigure clamd
- havp_reconfigure_clamd();
-
- # config havp
- file_put_contents (HVDEF_HAVP_CONFIG, havp_config_havp());
- havp_set_file_access(HVDEF_WORK_DIR, HVDEF_USER, '0755');
-
- if ($havp_config[F_ENABLE] === 'true') {
- mwexec_bg(HVDEF_HAVP_STARTUP_SCRIPT . " restart");
- log_error("Starting HAVP");
- }
- else {
- mwexec_bg(HVDEF_HAVP_STARTUP_SCRIPT . " stop");
- log_error("Stopping HAVP");
- }
-
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # reconfigure squid
- havp_configure_squid();
-
- # reconfigure AV parts
- havp_reconfigure_freshclam();
- havp_reconfigure_cron();
-
- # configure system filter for 2.xx
- if (pfsense_version_() !== '1') filter_configure();
+/*
+* ------------------------------------------------------------------------------
+* Resync
+* ------------------------------------------------------------------------------
+*/
+function havp_resync() {
+ global $havp_config;
+
+ havp_convert_pfxml_xml();
+ havp_check_system();
+
+ /*
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ * Whitelist and Blacklist
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ */
+ // Also white-listed by default:
+ $whitelist = havp_whitelist_def() . "\n" . str_replace(";", "\n", $havp_config[F_WHITELIST]);
+ $blacklist = str_replace(";", "\n", $havp_config[F_BLACKLIST]);
+ // Fix: stupid HAVP parser - error on 0x0D:
+ $whitelist = str_replace("\r", "", $whitelist);
+ $blacklist = str_replace("\r", "", $blacklist);
+ file_put_contents(HVDEF_HAVP_WHITELIST, $whitelist);
+ file_put_contents(HVDEF_HAVP_BLACKLIST, $blacklist);
+
+ /* Reconfigure clamd */
+ havp_reconfigure_clamd();
+
+ /* Configure HAVP */
+ file_put_contents (HVDEF_HAVP_CONFIG, havp_config_havp());
+ havp_set_file_access(HVDEF_WORK_DIR, HVDEF_USER, '0755');
+
+ if ($havp_config[F_ENABLE] === 'true') {
+ mwexec_bg(HVDEF_HAVP_STARTUP_SCRIPT . " restart");
+ log_error("Starting HAVP");
+ } else {
+ mwexec_bg(HVDEF_HAVP_STARTUP_SCRIPT . " stop");
+ log_error("Stopping HAVP");
+ }
+
+ /* Reconfigure Squid */
+ havp_configure_squid();
+
+ /* Reconfigure AV parts */
+ havp_reconfigure_freshclam();
+ havp_reconfigure_cron();
}
-# ------------------------------------------------------------------------------
-function havp_avset_resync()
-{
- havp_convert_pfxml_xml();
- havp_check_system();
- # reconfigure
- havp_reconfigure_clamd();
- havp_reconfigure_freshclam();
- havp_reconfigure_cron();
+
+function havp_avset_resync() {
+ havp_convert_pfxml_xml();
+ havp_check_system();
+ /* Reconfigure */
+ havp_reconfigure_clamd();
+ havp_reconfigure_freshclam();
+ havp_reconfigure_cron();
}
-# ==============================================================================
-# check system
-# ==============================================================================
-function havp_check_system()
-{
- global $havp_config;
-
- # check user group
- $grp = exec('pw group show ' . HVDEF_GROUP);
- if (strpos($grp, HVDEF_GROUP) !== 0) {
- exec('pw group add ' . HVDEF_GROUP);
- log_error("Antivirus: Group '" . HVDEF_GROUP . "' was added.");
- }
- $usr = exec('pw usershow -n ' . HVDEF_USER);
- if (strpos($usr, HVDEF_USER) !== 0) {
- exec('pw useradd ' . HVDEF_USER . ' -g ' . HVDEF_GROUP . ' -h - -s "/sbin/nologin" -d "/nonexistent" -c "havp daemon"');
- log_error("Antivirus: User '" . HVDEF_USER . "' was added.");
- }
-
- # workdir permissions
- havp_set_file_access(HVDEF_WORK_DIR, HVDEF_USER, '');
-
- # havp tempdir
- if (!file_exists(HVDEF_HAVPTEMP_DIR))
- mwexec("mkdir -p " . HVDEF_HAVPTEMP_DIR);
- havp_set_file_access(HVDEF_HAVPTEMP_DIR, HVDEF_USER, '');
-
- # clamav dbdir
- if (!file_exists(HVDEF_CLAM_DBDIR))
- mwexec("mkdir -p " . HVDEF_CLAM_DBDIR);
- havp_set_file_access(HVDEF_CLAM_DBDIR, HVDEF_AVUSER, '');
-
- # RAM tempdir
- if (!file_exists(HVDEF_RAMTEMP_DIR))
- mwexec("mkdir -p " . HVDEF_RAMTEMP_DIR);
- havp_set_file_access(HVDEF_RAMTEMP_DIR, HVDEF_USER, '');
-
- # template permissions
- if (!file_exists(HVDEF_TEMPLATES_EX))
- mwexec("mkdir -p " . HVDEF_TEMPLATES_EX);
- havp_set_file_access(HVDEF_TEMPLATES, HVDEF_USER, '');
- havp_set_file_access(HVDEF_TEMPLATES_EX, HVDEF_USER, '');
-
- # havp log dir
- if (!file_exists(HVDEF_LOG_DIR))
- mwexec("mkdir -p " . HVDEF_LOG_DIR);
- havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, '');
- # log files exists ?
- if (!file_exists(HVDEF_HAVP_ACCESSLOG)) file_put_contents(HVDEF_HAVP_ACCESSLOG, '');
- if (!file_exists(HVDEF_HAVP_ERRORLOG)) file_put_contents(HVDEF_HAVP_ERRORLOG, '');
- # log dir permissions
- havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, '0764');
-
- # pid file
- if (!file_exists(HVDEF_PID_FILE)) file_put_contents(HVDEF_PID_FILE, '');
- havp_set_file_access(HVDEF_PID_FILE, HVDEF_USER, '0664');
-
- # freshclam config permissions
- if (!file_exists(HVDEF_FRESHCLAM_CONF)) file_put_contents(HVDEF_FRESHCLAM_CONF, '');
- havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664');
-
- # clam log dir
- if (!file_exists(HVDEF_AVLOG_DIR))
- mwexec("mkdir -p " . HVDEF_AVLOG_DIR);
- havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '');
- # log files exists ?
- if (!file_exists(HVDEF_CLAM_LOG)) file_put_contents(HVDEF_CLAM_LOG, '');
- if (!file_exists(HVDEF_FRESHCLAM_LOG)) file_put_contents(HVDEF_FRESHCLAM_LOG, '');
- # log dir permissions
- # if (!file_exists(HVDEF_AVLOG_DIR))
- # mwexec("mkdir -p " . HVDEF_AVLOG_DIR);
- havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777');
-
- # =-= ClamAV =-=
- # catalog for Pid and Socket files
- if (!file_exists(HVDEF_CLAM_RUNDIR))
- mwexec("mkdir -p " . HVDEF_CLAM_RUNDIR);
- havp_set_file_access(HVDEF_CLAM_RUNDIR, HVDEF_USER, '0774');
-
- # AV update script
- file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
- havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
-
- # AV update notification script
-# file_put_contents(HVDEF_ON_AVUPD_SCRIPT, havp_on_avupd_script());
-# havp_set_file_access(HVDEF_ON_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
-
- # startup script's (havp and clamd)
- havp_startup_script();
- hv_clamd_startup_script();
-
- # havp filter script
- if (pfsense_version_() == '1') {
- # script exists only for 1.2.x
- file_put_contents(HVDEF_FILTER_RESYNC_SCRIPT, havp_filter_resync_script());
- havp_set_file_access(HVDEF_FILTER_RESYNC_SCRIPT, HVDEF_AVUSER, '0755');
- } else {
- # delete script if exists
- if (file_exists(HVDEF_FILTER_RESYNC_SCRIPT))
- mwexec("rm -f " . HVDEF_FILTER_RESYNC_SCRIPT);
- }
-
- # mount RAMDisk
- mountRAMdisk(true);
+/*
+* ==============================================================================
+* Check system
+* ==============================================================================
+*/
+function havp_check_system() {
+ global $havp_config;
+
+ /* Check/create user/group accounts */
+ $grp = exec('/usr/sbin/pw group show ' . HVDEF_GROUP);
+ if (strpos($grp, HVDEF_GROUP) !== 0) {
+ exec('/usr/sbin/pw group add ' . HVDEF_GROUP);
+ log_error("Antivirus: Group '" . HVDEF_GROUP . "' was added.");
+ }
+ $usr = exec('/usr/sbin/pw usershow -n ' . HVDEF_USER);
+ if (strpos($usr, HVDEF_USER) !== 0) {
+ exec('/usr/sbin/pw useradd ' . HVDEF_USER . ' -g ' . HVDEF_GROUP . ' -h - -s "/sbin/nologin" -d "/nonexistent" -c "havp daemon"');
+ log_error("Antivirus: User '" . HVDEF_USER . "' was added.");
+ }
+
+ /* Workdir permissions */
+ havp_set_file_access(HVDEF_WORK_DIR, HVDEF_USER, '');
+
+ /* HAVP tempdir */
+ if (!file_exists(HVDEF_HAVPTEMP_DIR)) {
+ mwexec("/bin/mkdir -p " . HVDEF_HAVPTEMP_DIR);
+ }
+ havp_set_file_access(HVDEF_HAVPTEMP_DIR, HVDEF_USER, '');
+
+ /* ClamAV dbdir */
+ if (!file_exists(HVDEF_CLAM_DBDIR)) {
+ mwexec("/bin/mkdir -p " . HVDEF_CLAM_DBDIR);
+ }
+ havp_set_file_access(HVDEF_CLAM_DBDIR, HVDEF_AVUSER, '');
+
+ /* RAM tempdir */
+ if (!file_exists(HVDEF_RAMTEMP_DIR)) {
+ mwexec("/bin/mkdir -p " . HVDEF_RAMTEMP_DIR);
+ }
+ havp_set_file_access(HVDEF_RAMTEMP_DIR, HVDEF_USER, '');
+
+ /* Template directory and permissions */
+ if (!file_exists(HVDEF_TEMPLATES_EX)) {
+ mwexec("/bin/mkdir -p " . HVDEF_TEMPLATES_EX);
+ }
+ havp_set_file_access(HVDEF_TEMPLATES, HVDEF_USER, '');
+ havp_set_file_access(HVDEF_TEMPLATES_EX, HVDEF_USER, '');
+
+ /* HAVP log dir */
+ if (!file_exists(HVDEF_LOG_DIR)) {
+ mwexec("/bin/mkdir -p " . HVDEF_LOG_DIR);
+ }
+ havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, '');
+ /* Create log files if needed */
+ if (!file_exists(HVDEF_HAVP_ACCESSLOG)) {
+ file_put_contents(HVDEF_HAVP_ACCESSLOG, '');
+ }
+ if (!file_exists(HVDEF_HAVP_ERRORLOG)) {
+ file_put_contents(HVDEF_HAVP_ERRORLOG, '');
+ }
+ /* Log dir permissions */
+ havp_set_file_access(HVDEF_LOG_DIR, HVDEF_USER, '0764');
+
+ /* PID file */
+ if (!file_exists(HVDEF_PID_FILE)) {
+ file_put_contents(HVDEF_PID_FILE, '');
+ }
+ havp_set_file_access(HVDEF_PID_FILE, HVDEF_USER, '0664');
+
+ /* freshclam config permissions */
+ if (!file_exists(HVDEF_FRESHCLAM_CONF)) {
+ file_put_contents(HVDEF_FRESHCLAM_CONF, '');
+ }
+ havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_AVUSER, '0664');
+
+ /* AV log dir */
+ if (!file_exists(HVDEF_AVLOG_DIR)) {
+ mwexec("mkdir -p " . HVDEF_AVLOG_DIR);
+ }
+ havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '');
+
+ /* Create AV log files if needed */
+ if (!file_exists(HVDEF_CLAM_LOG)) {
+ file_put_contents(HVDEF_CLAM_LOG, '');
+ }
+ if (!file_exists(HVDEF_FRESHCLAM_LOG)) {
+ file_put_contents(HVDEF_FRESHCLAM_LOG, '');
+ }
+ /* Log dir permissions */
+ havp_set_file_access(HVDEF_AVLOG_DIR, HVDEF_USER, '0777');
+
+ /* ClamAV */
+ /* Directory for pid and socket files */
+ if (!file_exists(HVDEF_CLAM_RUNDIR)) {
+ mwexec("mkdir -p " . HVDEF_CLAM_RUNDIR);
+ }
+ havp_set_file_access(HVDEF_CLAM_RUNDIR, HVDEF_USER, '0774');
+
+ /* AV update script */
+ file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
+ havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
+
+ /* AV update notification script */
+ // file_put_contents(HVDEF_ON_AVUPD_SCRIPT, havp_on_avupd_script());
+ // havp_set_file_access(HVDEF_ON_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
+
+ /* Startup scripts (HAVP and clamd) */
+ havp_startup_script();
+ hv_clamd_startup_script();
+
+ /* mount RAMDisk */
+ mountRAMdisk(true);
}
-# ==============================================================================
-# Reconfigure package parts
-# ==============================================================================
-function havp_reconfigure_clamd()
-{
- file_put_contents (HVDEF_CLAM_CONFIG, havp_config_clam());
- havp_set_file_access(HVDEF_CLAM_CONFIG, HVDEF_USER, '0664');
+/*
+* ==============================================================================
+* Reconfigure package parts
+* ==============================================================================
+*/
+function havp_reconfigure_clamd() {
+ file_put_contents(HVDEF_CLAM_CONFIG, havp_config_clam());
+ havp_set_file_access(HVDEF_CLAM_CONFIG, HVDEF_USER, '0664');
}
-# ------------------------------------------------------------------------------
-function havp_reconfigure_freshclam()
-{
- # config freshclam
- file_put_contents (HVDEF_FRESHCLAM_CONF, havp_config_freshclam());
- havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_USER, '0664');
+
+function havp_reconfigure_freshclam() {
+ file_put_contents (HVDEF_FRESHCLAM_CONF, havp_config_freshclam());
+ havp_set_file_access(HVDEF_FRESHCLAM_CONF, HVDEF_USER, '0664');
}
-# ------------------------------------------------------------------------------
-function havp_reconfigure_cron()
-{
- global $havp_config;
-
- # cron task
- $on = false;
- $optval = array("", "*/1", "*/2", "*/3", "*/4", "*/6", "*/8", "*/12", "0");
- $opt = array("0", "*", "*", "*", "*", "root", "/usr/bin/nice -n20 " . HVDEF_AVUPD_SCRIPT);
- $opt[1] = $optval[$havp_config[F_HAVPUPDATE]];
- $on = ($opt[1] !== "");
-
- havp_setup_cron(HVDEF_AVUPD_SCRIPT, $opt, $on);
+
+function havp_reconfigure_cron() {
+ global $config;
+
+ /* Cron task */
+ $on = false;
+ $optval = array("", "*/1", "*/2", "*/3", "*/4", "*/6", "*/8", "*/12", "0");
+ $opt = array("0", "*", "*", "*", "*", "root");
+ $opt[1] = $optval[$havp_config[F_HAVPUPDATE]];
+ $on = ($opt[1] != "");
+ $crontask = "/usr/bin/nice -n20 " . HVDEF_AVUPD_SCRIPT;
+
+ // Set new cron task or remove it if inactive
+ if ($on === true) {
+ install_cron_job($crontask, true, $opt[0], $opt[1], $opt[2], $opt[3], $opt[4], $opt[5]);
+ } else {
+ install_cron_job($crontask, false);
+ }
}
-# ------------------------------------------------------------------------------
-# Convert conf to XML
-# ------------------------------------------------------------------------------
-function havp_convert_pfxml_xml()
-{
- global $config, $havp_config;
-
- $pfconf = $config['installedpackages'][HVFORM_HAVP]['config'][0];
-
- # === GUI Fields ===
- $havp_config[F_ENABLE] = ( $pfconf[F_ENABLE] === 'on' ? 'true' : 'false' );
- # ClamAV mode
- $havp_config[F_USECLAMD] = $pfconf[F_USECLAMD];
- # proxy
- $havp_config[F_PROXYMODE] = ( !empty($pfconf[F_PROXYMODE]) ? $pfconf[F_PROXYMODE] : 'standard' );
-# ToDo: add check squid transparent
- $havp_config[F_PROXYINTERFACE] = $pfconf[F_PROXYINTERFACE];
- $havp_config[F_PROXYPORT] = ( !empty($pfconf[F_PROXYPORT]) ? $pfconf[F_PROXYPORT] : HVDEF_PROXYPORT );
-# ToDo: add check squid proxy port
- # parent proxy
- # [F_PARENTPROXY] = "proxy_ip:port"
- $pfconf[F_PARENTPROXY] = trim($pfconf[F_PARENTPROXY]);
- if (!empty($pfconf[F_PARENTPROXY])) {
- $parent = explode(":", trim($pfconf[F_PARENTPROXY]));
- $havp_config[F_PARENTPROXY] = array( 'ip' => $parent[0], 'port' => $parent[1] );
+/*
+* ------------------------------------------------------------------------------
+* Convert configuration to XML
+* ------------------------------------------------------------------------------
+*/
+function havp_convert_pfxml_xml() {
+ global $config, $havp_config;
+
+ $pfconf = $config['installedpackages'][HVFORM_HAVP]['config'][0];
+
+ /* === GUI Fields === */
+ $havp_config[F_ENABLE] = ($pfconf[F_ENABLE] === 'on' ? 'true' : 'false');
+
+ /* ClamAV mode */
+ $havp_config[F_USECLAMD] = $pfconf[F_USECLAMD];
+
+ /* Proxy */
+ $havp_config[F_PROXYMODE] = $pfconf[F_PROXYMODE] ?: 'standard';
+ // TODO: Add check for Squid transparent
+ $havp_config[F_PROXYINTERFACE] = $pfconf[F_PROXYINTERFACE];
+ // TODO: Add check for Squid proxy port
+ $havp_config[F_PROXYPORT] = $pfconf[F_PROXYPORT] ?: HVDEF_PROXYPORT;
+
+ /* Parent proxy */
+ // [F_PARENTPROXY] = "proxy_ip:port"
+ $pfconf[F_PARENTPROXY] = trim($pfconf[F_PARENTPROXY]);
+ if (!empty($pfconf[F_PARENTPROXY])) {
+ $parent = explode(":", trim($pfconf[F_PARENTPROXY]));
+ $havp_config[F_PARENTPROXY] = array('ip' => $parent[0], 'port' => $parent[1]);
+ } else {
+ $havp_config[F_PARENTPROXY] = '';
}
- else $havp_config[F_PARENTPROXY] = '';
- # language
- $havp_config[F_LANGUAGE] = trim($pfconf[F_LANGUAGE]);
- # proxy settings
- $havp_config[F_ENABLEFORWARDEDIP] = ( $pfconf[F_ENABLEFORWARDEDIP] === 'on' ? 'true' : 'false' );
- $havp_config[F_ENABLEXFORWARDEDFOR] = ( $pfconf[F_ENABLEXFORWARDEDFOR] === 'on' ? 'true' : 'false' );
- $havp_config[F_MAXDOWNLOADSIZE] = ( is_numeric($pfconf[F_MAXDOWNLOADSIZE]) ? $pfconf[F_MAXDOWNLOADSIZE] : 0 );
- $havp_config[F_RANGE] = ( $pfconf[F_RANGE] === 'on' ? 'true' : 'false' );
- $havp_config[F_ENABLERAMDISK] = ( $pfconf[F_ENABLERAMDISK] === 'on' ? 'true' : 'false' );
- # whitelist
- $havp_config[F_WHITELIST] = base64_decode($pfconf[F_WHITELIST]);
- $havp_config[F_WHITELIST] = str_replace(";", "\n", $havp_config[F_WHITELIST]);
- $havp_config[F_WHITELIST] = str_replace(";", " ", $havp_config[F_WHITELIST]);
- # blacklist
- $havp_config[F_BLACKLIST] = base64_decode($pfconf[F_BLACKLIST]);
- $havp_config[F_BLACKLIST] = str_replace(";", "\n", $havp_config[F_BLACKLIST]);
- $havp_config[F_BLACKLIST] = str_replace(";", " ", $havp_config[F_BLACKLIST]);
-
- # =-= Temp RAMDisk =-=
- # use RAMDisk if only capacity > calculated [MAXSCANSIZE * 50 connections]
- # =-=
- # before config manage Temp Dir = RAMDisk|Hard Disk
- $havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE;
- if ($havp_config[F_ENABLERAMDISK] === 'true') {
- $sys_capacity = get_memory();
- $mem_capacity = intval($sys_capacity[0]) / 4; # [Mb]
- $calculated = 50 * $havp_config[F_SCANMAXSIZE] / (1024 * 1024); # [Mb]
-
- # this is restriction need for balancing between pfSense and HAVP work speed
- # we can not allocate memory at the expense of other services of the pfSense
- if ($mem_capacity > $calculated) {
- # re-define temp file to RAM Disk
- $havp_config[HV_SCANTEMPFILE] = HVDEF_RAMTEMP_DIR . HVDEF_SCANTEMPFILE;
- }
- else
- log_error("havp: RAMDisk not used. Diagnostic: system {$sys_capacity[0]}Mb, avialable {$mem_capacity}Mb, calculated {$calculated}Mb. Try reducing 'MAXSCANSIZE' value.");
- }
- # scanner
- $havp_config[F_FAILSCANERROR] = ( $pfconf[F_FAILSCANERROR] === 'on' ? 'true' : 'false' );
- $havp_config[F_SCANMAXSIZE] = ( is_numeric($pfconf[F_SCANMAXSIZE]) ? $pfconf[F_SCANMAXSIZE] : HVDEF_MAXSCANSIZE ) * 1024; # KB -> Byte
- $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' );
- $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' );
- $havp_config[F_SCANSTREAM] = ( $pfconf[F_SCANSTREAM] === 'on' ? 'true' : 'false' );
- $havp_config[F_SCANBROKENEXE] = ( $pfconf[F_SCANBROKENEXE] === 'on' ? 'true' : 'false' );
- $havp_config[F_SCANARCMAXSIZE] = ( is_numeric($pfconf[F_SCANARCMAXSIZE]) ? $pfconf[F_SCANARCMAXSIZE] : HVDEF_MAXARCSCANSIZE );
- # log
- $havp_config[F_SYSLOG] = ( $pfconf[F_SYSLOG] === 'on' ? 'true' : 'false' );
- $havp_config[F_LOG] = ( $pfconf[F_LOG] === 'on' ? 'true' : 'false' );
- #
- # =-= Internal variables =-=
- # proxy
- $havp_config[F_PROXYBINDIFACE] = 'localhost';
- # language template files path
- $lng = $havp_config[F_LANGUAGE] ? $havp_config[F_LANGUAGE] : "en";
- $havp_config[F_TEMPLATEPATH] = ( file_exists(HVDEF_TEMPLATES_EX . "/$lng") ? HVDEF_TEMPLATES_EX : HVDEF_TEMPLATES );
- $havp_config[F_TEMPLATEPATH] .= "/$lng";
- #
- # =-= HVFORM_AVSET =-=
- # av settings
- $pf_avset_conf = $config['installedpackages'][HVFORM_AVSET]['config'][0];
- $havp_config[F_HAVPUPDATE] = $pf_avset_conf[F_HAVPUPDATE];
- $havp_config[F_DBREGION] = $pf_avset_conf[F_DBREGION];
- $havp_config[F_AVUPDATESERVER] = $pf_avset_conf[F_AVUPDATESERVER];
- # avlog
- $havp_config[F_AVSETSYSLOG] = $pf_avset_conf[F_AVSETSYSLOG] === 'on' ? 'true' : 'false';
- $havp_config[F_AVSETLOG] = $pf_avset_conf[F_AVSETLOG] === 'on' ? 'true' : 'false';
-
- #
- # store havp config cache
- $cfg_xml = dump_xml_config($havp_config, 'havp');
- file_put_contents(HVDEF_HAVP_XMLCONF, $cfg_xml);
-
- return $havp_config;
+
+ /* Language */
+ $havp_config[F_LANGUAGE] = trim($pfconf[F_LANGUAGE]);
+
+ /* HAVP proxy settings */
+ $havp_config[F_ENABLEFORWARDEDIP] = ($pfconf[F_ENABLEFORWARDEDIP] === 'on' ? 'true' : 'false');
+ $havp_config[F_ENABLEXFORWARDEDFOR] = ($pfconf[F_ENABLEXFORWARDEDFOR] === 'on' ? 'true' : 'false');
+ $havp_config[F_MAXDOWNLOADSIZE] = (is_numeric($pfconf[F_MAXDOWNLOADSIZE]) ? $pfconf[F_MAXDOWNLOADSIZE] : 0);
+ $havp_config[F_RANGE] = ($pfconf[F_RANGE] === 'on' ? 'true' : 'false' );
+ $havp_config[F_ENABLERAMDISK] = ($pfconf[F_ENABLERAMDISK] === 'on' ? 'true' : 'false');
+ // Whitelist
+ $havp_config[F_WHITELIST] = base64_decode($pfconf[F_WHITELIST]);
+ $havp_config[F_WHITELIST] = str_replace(";", "\n", $havp_config[F_WHITELIST]);
+ $havp_config[F_WHITELIST] = str_replace(";", " ", $havp_config[F_WHITELIST]);
+ // Blacklist
+ $havp_config[F_BLACKLIST] = base64_decode($pfconf[F_BLACKLIST]);
+ $havp_config[F_BLACKLIST] = str_replace(";", "\n", $havp_config[F_BLACKLIST]);
+ $havp_config[F_BLACKLIST] = str_replace(";", " ", $havp_config[F_BLACKLIST]);
+
+ /*
+ * ------------------------------------------------------------------------------
+ * Temp RAMDisk
+ * ------------------------------------------------------------------------------
+ * Use RAMDisk only if capacity > calculated [MAXSCANSIZE * 50 connections]
+ * Set up temp dir accordingly
+ */
+ $havp_config[HV_SCANTEMPFILE] = HVDEF_HAVPTEMP_DIR . HVDEF_SCANTEMPFILE;
+ if ($havp_config[F_ENABLERAMDISK] === 'true') {
+ $sys_capacity = get_memory();
+ $mem_capacity = intval($sys_capacity[0]) / 4; // [MB]
+ $calculated = 50 * $havp_config[F_SCANMAXSIZE] / (1024 * 1024); // [MB]
+ }
+ /*
+ * This restriction is required for balancing between pfSense and HAVP work speed
+ * We cannot allocate memory at the expense of other services running on pfSense
+ */
+ if ($mem_capacity > $calculated) {
+ // Redefine temp file to RAM Disk
+ $havp_config[HV_SCANTEMPFILE] = HVDEF_RAMTEMP_DIR . HVDEF_SCANTEMPFILE;
+ } else {
+ log_error("HAVP: RAMDisk not used. Diagnostic: system {$sys_capacity[0]}MB, available {$mem_capacity}MB, calculated {$calculated}MB. Try reducing 'MAXSCANSIZE' value.");
+ }
+
+ /* Scanner */
+ $havp_config[F_FAILSCANERROR] = ( $pfconf[F_FAILSCANERROR] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANMAXSIZE] = ( is_numeric($pfconf[F_SCANMAXSIZE]) ? $pfconf[F_SCANMAXSIZE] : HVDEF_MAXSCANSIZE ) * 1024; // KB -> Byte
+ $havp_config[F_SCANIMG] = ( $pfconf[F_SCANIMG] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANARC] = ( $pfconf[F_SCANARC] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANSTREAM] = ( $pfconf[F_SCANSTREAM] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANBROKENEXE] = ( $pfconf[F_SCANBROKENEXE] === 'on' ? 'true' : 'false' );
+ $havp_config[F_SCANARCMAXSIZE] = ( is_numeric($pfconf[F_SCANARCMAXSIZE]) ? $pfconf[F_SCANARCMAXSIZE] : HVDEF_MAXARCSCANSIZE );
+
+ /* Log */
+ $havp_config[F_SYSLOG] = ($pfconf[F_SYSLOG] === 'on' ? 'true' : 'false');
+ $havp_config[F_LOG] = ($pfconf[F_LOG] === 'on' ? 'true' : 'false');
+
+ /*
+ * ------------------------------------------------------------------------------
+ * Internal variables
+ * ------------------------------------------------------------------------------
+ */
+ /* Proxy */
+ $havp_config[F_PROXYBINDIFACE] = 'localhost';
+ /* Language template files path */
+ $lng = $havp_config[F_LANGUAGE] ? $havp_config[F_LANGUAGE] : "en";
+ $havp_config[F_TEMPLATEPATH] = (file_exists(HVDEF_TEMPLATES_EX . "/$lng") ? HVDEF_TEMPLATES_EX : HVDEF_TEMPLATES );
+ $havp_config[F_TEMPLATEPATH] .= "/$lng";
+ /* AV settings */
+ $pf_avset_conf = $config['installedpackages'][HVFORM_AVSET]['config'][0];
+ $havp_config[F_HAVPUPDATE] = $pf_avset_conf[F_HAVPUPDATE];
+ $havp_config[F_DBREGION] = $pf_avset_conf[F_DBREGION];
+ $havp_config[F_AVUPDATESERVER] = $pf_avset_conf[F_AVUPDATESERVER];
+ /* AV log */
+ $havp_config[F_AVSETSYSLOG] = $pf_avset_conf[F_AVSETSYSLOG] === 'on' ? 'true' : 'false';
+ $havp_config[F_AVSETLOG] = $pf_avset_conf[F_AVSETLOG] === 'on' ? 'true' : 'false';
+
+ /* Store HAVP config cache */
+ $cfg_xml = dump_xml_config($havp_config, 'havp');
+ file_put_contents(HVDEF_HAVP_XMLCONF, $cfg_xml);
+
+ return $havp_config;
}
-# ------------------------------------------------------------------------------
-# config
-# ------------------------------------------------------------------------------
-# HAVP config
-function havp_config_havp()
-{
- global $havp_config;
-
- $conf = array();
- $conf[] =
-"# ============================================================
+/*
+* ------------------------------------------------------------------------------
+* Configuration
+* ------------------------------------------------------------------------------
+*/
+/* HAVP config */
+function havp_config_havp() {
+ global $havp_config;
+
+ $conf = array();
+ $conf[] = <<< EOF
+# ============================================================
# HAVP config file
-# This file generated automaticly with HAVP configurator (part of pfSense)
-# (C)2008 Serg Dvoriancev
+# This file generated with HAVP configurator (part of pfSense)
+# DO NOT EDIT manually, changes will be overwritten!
+# (C) 2008 Serg Dvoriancev
# email: dv_serg@mail.ru
# ============================================================
-";
- $conf[] = "USER " . HVDEF_USER;
- $conf[] = "GROUP " . HVDEF_GROUP;
- $conf[] = "DAEMON true";
- $conf[] = "PIDFILE " . HVDEF_PID_FILE;
- $conf[] = "\n# For small home use, 8 should be minimum.";
- $conf[] = "# For 500 users corporate use, start at 40.";
- $conf[] = "SERVERNUMBER " . HVDEF_HAVP_MINSRV;
- $conf[] = "MAXSERVERS " . HVDEF_HAVP_MAXSRV;
- # log
- $conf[] = "\n# log ";
- $conf[] = "ACCESSLOG " . HVDEF_HAVP_ACCESSLOG;
- $conf[] = "ERRORLOG " . ($havp_config[F_LOG] === 'true' ? HVDEF_HAVP_ERRORLOG : "/dev/null");
- # syslog
- $conf[] = "\n# syslog";
- $conf[] = "USESYSLOG {$havp_config[F_SYSLOG]}";
- $conf[] = "SYSLOGNAME havp";
- $conf[] = "SYSLOGFACILITY daemon";
- $conf[] = "SYSLOGLEVEL " . (HV_DEBUG === 'true' ? "debug" : "info"); # err | warning | info | debug
- #
- $conf[] = "\n# Level of HAVP logging\n# 0 = Only serious errors and information\n# 1 = Less interesting information is included";
- $conf[] = "LOG_OKS false"; # false - access_log requests viruses only, true - access_log all requests
- $conf[] = "LOGLEVEL " . ( HV_DEBUG === 'true' ? "1" : "0" ); # 0 - work level, 1 - debug level
- # temp
- $conf[] = "\n# temp ";
- $conf[] = "SCANTEMPFILE " . $havp_config[HV_SCANTEMPFILE];
- $conf[] = "TEMPDIR " . HVDEF_TEMP_DIR;
- #
- $conf[] = "\n#";
- $conf[] = "DBRELOAD 180";
- $conf[] = "TRANSPARENT " . ( $havp_config[F_PROXYMODE] === 'transparent' ? "true" : "false" );
- # X-FORWARD, X-FORWARDED-FOR options
- $conf[] = "\n# if HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.";
- $conf[] = "FORWARDED_IP " . $havp_config[F_ENABLEFORWARDEDIP];
- $conf[] = "X_FORWARDED_FOR " . $havp_config[F_ENABLEXFORWARDEDFOR];
- # parent proxy = [proxy:port]
- if (!empty($havp_config[F_PARENTPROXY])) {
- $conf[] = "\n# parent proxy ";
- $conf[] = "PARENTPROXY {$havp_config[F_PARENTPROXY]['ip']}";
- $conf[] = "PARENTPORT {$havp_config[F_PARENTPROXY]['port']}";
- }
- # proxy listening on
- $conf[] = "\n# havp is listening on ";
- $conf[] = "PORT {$havp_config[F_PROXYPORT]}";
- # bind to ip address
- $bind_iface = get_real_interface_address($havp_config[F_PROXYBINDIFACE]);
- $conf[] = "BIND_ADDRESS {$bind_iface[0]}";
- # template files language
- $conf[] = "\n# Path to template files ";
- $conf[] = "TEMPLATEPATH {$havp_config[F_TEMPLATEPATH]}";
- #
- $conf[] = "\n# whitelist and blacklist";
- $conf[] = "WHITELISTFIRST true";
- $conf[] = "WHITELIST " . HVDEF_HAVP_WHITELIST;
- $conf[] = "BLACKLIST " . HVDEF_HAVP_BLACKLIST;
- # failscanerror - pass/block files if scanner error
- $conf[] = "\n# block file if error scanning";
- $conf[] = "FAILSCANERROR {$havp_config[F_FAILSCANERROR]}";
- #
- $conf[] = "\n# scanner ";
- $conf[] = "SCANNERTIMEOUT 10";
- #
- if ($havp_config[F_SCANSTREAM] === 'true') {
- #
- $conf[] = "\n# always allow range, if stream scan enabled";
- $conf[] = "RANGE true";
- $conf[] = "\n# stream scan enabled";
- $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS";
- $conf[] = "STREAMSCANSIZE 2000";
- }
- else {
- # renew downloads ?
- $conf[] = "RANGE {$havp_config[F_RANGE]}";
- $conf[] = "\n# stream scan disabled";
- $conf[] = "STREAMSCANSIZE 0";
- }
-
- # scan options
- $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}";
- $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}";
- #
- $conf[] = "KEEPBACKBUFFER 200000";
- $conf[] = "KEEPBACKTIME 5";
- #
- $conf[] = "# After Trickling Time (seconds), some bytes are sent to browser to keep the connection alive";
- $conf[] = "TRICKLING 10";
- $conf[] = "TRICKLINGBYTES 1";
- #
- $conf[] = "# Downloads larger than MAXDOWNLOADSIZE will be blocked.";
- $conf[] = "MAXDOWNLOADSIZE {$havp_config[F_MAXDOWNLOADSIZE]}";
- #
- $conf[] = "\n# ClamAV Library Scanner (libclamav) ";
- $conf[] = "ENABLECLAMLIB " . ($havp_config[F_USECLAMD] !== 'true' ? "true" : "false");
- # use clamd, if configured
- if ($havp_config[F_USECLAMD] === 'true') {
- $conf[] = "\n# Clamd scanner (Clam daemon)";
- $conf[] = "ENABLECLAMD true";
- # clamd socket
- if (HV_CLAMD_TCPSOCKET === 'true') {
- $conf[] = "CLAMDSERVER 127.0.0.1";
- $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET;
- }
- else $conf[] = "CLAMDSOCKET " . HVDEF_CLAM_SOCKET;
- }
- $conf[] = "";
- return implode("\n", $conf);
+EOF;
+ $conf[] = "USER " . HVDEF_USER;
+ $conf[] = "GROUP " . HVDEF_GROUP;
+ $conf[] = "DAEMON true";
+ $conf[] = "PIDFILE " . HVDEF_PID_FILE;
+ $conf[] = "\n# For small home use, 8 should be minimum.";
+ $conf[] = "# For 500 users corporate use, start at 40.";
+ $conf[] = "SERVERNUMBER " . HVDEF_HAVP_MINSRV;
+ $conf[] = "MAXSERVERS " . HVDEF_HAVP_MAXSRV;
+ // Log
+ $conf[] = "\n# log ";
+ $conf[] = "ACCESSLOG " . HVDEF_HAVP_ACCESSLOG;
+ $conf[] = "ERRORLOG " . ($havp_config[F_LOG] === 'true' ? HVDEF_HAVP_ERRORLOG : "/dev/null");
+ // Syslog
+ $conf[] = "\n# syslog";
+ $conf[] = "USESYSLOG {$havp_config[F_SYSLOG]}";
+ $conf[] = "SYSLOGNAME havp";
+ $conf[] = "SYSLOGFACILITY daemon";
+ $conf[] = "SYSLOGLEVEL " . (HV_DEBUG === 'true' ? "debug" : "info"); // err | warning | info | debug
+ // Loglevel
+ $conf[] = "\n# Level of HAVP logging\n# 0 = Only serious errors and information\n# 1 = Less interesting information is included";
+ $conf[] = "LOG_OKS false"; // false - access_log requests viruses only, true - access_log all requests
+ $conf[] = "LOGLEVEL " . ( HV_DEBUG === 'true' ? "1" : "0" ); // 0 - work level, 1 - debug level
+ // Temp dir/file
+ $conf[] = "\n# temp ";
+ $conf[] = "SCANTEMPFILE " . $havp_config[HV_SCANTEMPFILE];
+ $conf[] = "TEMPDIR " . HVDEF_TEMP_DIR;
+ #
+ $conf[] = "\n#";
+ $conf[] = "DBRELOAD 180";
+ $conf[] = "TRANSPARENT " . ( $havp_config[F_PROXYMODE] === 'transparent' ? "true" : "false" );
+ // X-FORWARD, X-FORWARDED-FOR options
+ $conf[] = "\n# if HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.";
+ $conf[] = "FORWARDED_IP " . $havp_config[F_ENABLEFORWARDEDIP];
+ $conf[] = "X_FORWARDED_FOR " . $havp_config[F_ENABLEXFORWARDEDFOR];
+ // Parent proxy = [proxy:port]
+ if (!empty($havp_config[F_PARENTPROXY])) {
+ $conf[] = "\n# parent proxy ";
+ $conf[] = "PARENTPROXY {$havp_config[F_PARENTPROXY]['ip']}";
+ $conf[] = "PARENTPORT {$havp_config[F_PARENTPROXY]['port']}";
+ }
+ // Proxy listening on
+ $conf[] = "\n# havp is listening on ";
+ $conf[] = "PORT {$havp_config[F_PROXYPORT]}";
+ // Bind to IP address
+ $bind_iface = get_real_interface_address($havp_config[F_PROXYBINDIFACE]);
+ $conf[] = "BIND_ADDRESS {$bind_iface[0]}";
+ // Language template files
+ $conf[] = "\n# Path to template files ";
+ $conf[] = "TEMPLATEPATH {$havp_config[F_TEMPLATEPATH]}";
+ // Whitelist and blacklist
+ $conf[] = "\n# whitelist and blacklist";
+ $conf[] = "WHITELISTFIRST true";
+ $conf[] = "WHITELIST " . HVDEF_HAVP_WHITELIST;
+ $conf[] = "BLACKLIST " . HVDEF_HAVP_BLACKLIST;
+ // Pass/block files on scanner error
+ $conf[] = "\n# block file if error scanning";
+ $conf[] = "FAILSCANERROR {$havp_config[F_FAILSCANERROR]}";
+ // Scanner timeout
+ $conf[] = "\n# scanner ";
+ $conf[] = "SCANNERTIMEOUT 10";
+ // Scan multimedia streams?
+ if ($havp_config[F_SCANSTREAM] === 'true') {
+ $conf[] = "\n# always allow range, if stream scan enabled";
+ $conf[] = "RANGE true";
+ $conf[] = "\n# stream scan enabled";
+ $conf[] = "STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS";
+ $conf[] = "STREAMSCANSIZE 2000";
+ } else {
+ // Resume downloads?
+ $conf[] = "RANGE {$havp_config[F_RANGE]}";
+ $conf[] = "\n# stream scan disabled";
+ $conf[] = "STREAMSCANSIZE 0";
+ }
+
+ // Scan options
+ $conf[] = "SCANIMAGES {$havp_config[F_SCANIMG]}";
+ $conf[] = "MAXSCANSIZE {$havp_config[F_SCANMAXSIZE]}";
+ $conf[] = "KEEPBACKBUFFER 200000";
+ $conf[] = "KEEPBACKTIME 5";
+ $conf[] = "# After Trickling Time (seconds), some bytes are sent to browser to keep the connection alive";
+ $conf[] = "TRICKLING 10";
+ $conf[] = "TRICKLINGBYTES 1";
+ $conf[] = "# Downloads larger than MAXDOWNLOADSIZE will be blocked.";
+ $conf[] = "MAXDOWNLOADSIZE {$havp_config[F_MAXDOWNLOADSIZE]}";
+ $conf[] = "\n# ClamAV Library Scanner (libclamav) ";
+ $conf[] = "ENABLECLAMLIB " . ($havp_config[F_USECLAMD] !== 'true' ? "true" : "false");
+ // Use clamd if configured
+ if ($havp_config[F_USECLAMD] === 'true') {
+ $conf[] = "\n# Clamd scanner (Clam daemon)";
+ $conf[] = "ENABLECLAMD true";
+ // Clamd socket
+ if (HV_CLAMD_TCPSOCKET === 'true') {
+ $conf[] = "CLAMDSERVER 127.0.0.1";
+ $conf[] = "CLAMDPORT " . HVDEF_CLAM_TCPSOCKET;
+ } else {
+ $conf[] = "CLAMDSOCKET " . HVDEF_CLAM_SOCKET;
+ }
+ }
+ $conf[] = "";
+ return implode("\n", $conf);
}
-# ------------------------------------------------------------------------------
-# Clamd config
-# ------------------------------------------------------------------------------
-function havp_config_clam()
-{
- global $havp_config;
-
- $conf = array();
- $conf[] =
-"# ==============================================================================
+/*
+* ------------------------------------------------------------------------------
+* Clamd config
+* ------------------------------------------------------------------------------
+*/
+function havp_config_clam() {
+ global $havp_config;
+
+ $conf = array();
+ $conf[] = <<< EOF
+# ==============================================================================
# CLAMD config file
-# This file generated automaticly with HAVP configurator (part of pfSense)
-# (C)2008 Serg Dvoriancev
+# This file generated with HAVP configurator (part of pfSense)
+# DO NOT EDIT manually, changes will be overwritten!
+# (C) 2008 Serg Dvoriancev
# email: dv_serg@mail.ru
# ==============================================================================
-";
- $conf[] = "# log";
- $conf[] = "LogFileUnlock yes";
- $conf[] = "LogFileMaxSize 2M";
- $conf[] = "LogTime yes";
- $conf[] = "LogClean no";
- $conf[] = "LogFacility LOG_LOCAL6";
- $conf[] = "LogVerbose " . ( HV_DEBUG === "true" ? "yes" : "no" );
-
- # Syslog
- $islog = $havp_config[F_AVSETLOG] === 'true';
- $issyslog = $havp_config[F_AVSETSYSLOG] === 'true';
- $conf[] = "LogSyslog " . ($islog && $issyslog ? 'yes' : 'no');
- if ($islog && !$issyslog)
- $conf[] = "LogFile " . HVDEF_CLAM_LOG;
- #
- $conf[] = "\n# sysdirs";
- $conf[] = "PidFile " . HVDEF_CLAM_PID;
- $conf[] = "TemporaryDirectory " . HVDEF_TEMP_DIR;
- $conf[] = "DatabaseDirectory /var/db/clamav";
- #
- $conf[] = "\n# socket";
- $conf[] = "LocalSocket " . HVDEF_CLAM_SOCKET;
- $conf[] = "FixStaleSocket yes";
- #
- if (HV_CLAMD_TCPSOCKET === 'true') {
- $conf[] = "TCPAddr 127.0.0.1";
- $conf[] = "TCPSocket " . HVDEF_CLAM_TCPSOCKET;
- }
- $conf[] = "MaxConnectionQueueLength 30";
- #
- $conf[] = "\n# daemon";
- $conf[] = "MaxThreads 100";
- #
- $conf[] = "\n# scanner";
- $conf[] = "MaxDirectoryRecursion 255";
- $conf[] = "FollowDirectorySymlinks no"; # not need scan symbol links dirs
- $conf[] = "FollowFileSymlinks yes";
- $conf[] = "# perform a database check.(sec) [3600 sec = 60 min]";
- $conf[] = "SelfCheck 3600";
- $conf[] = "# detect possibly unwanted applications.";
- $conf[] = "DetectPUA no"; # possible unwanted applications
- $conf[] = "AlgorithmicDetection yes";
- $conf[] = "# executable";
- if ($havp_config[F_SCANBROKENEXE] === 'true')
- {$conf[] = "DetectBrokenExecutables yes";}
- else
- {$conf[] = "DetectBrokenExecutables no";}
- #
- $conf[] = "ScanPE yes";
- $conf[] = "ScanELF yes";
- $conf[] = "# documents";
- $conf[] = "ScanOLE2 yes";
- $conf[] = "ScanPDF yes";
- $conf[] = "# email";
- $conf[] = "ScanMail yes";
- $conf[] = "MailFollowURLs no";
- $conf[] = "PhishingSignatures yes";
- $conf[] = "PhishingScanURLs yes";
- $conf[] = "PhishingAlwaysBlockSSLMismatch no";
- $conf[] = "PhishingAlwaysBlockCloak no";
- $conf[] = "# html";
- $conf[] = "ScanHTML yes";
- $conf[] = "# archives";
- $conf[] = "ScanArchive yes";
-# $conf[] = "ArchiveLimitMemoryUsage no"; # deprecated on 0.95
- $conf[] = "ArchiveBlockEncrypted no";
- $conf[] = "# limits";
- $conf[] = "MaxScanSize 50M";
- $conf[] = "MaxFileSize 30M";
- $conf[] = "MaxRecursion 255";
- $conf[] = "MaxFiles 10000";
- #
- $conf[] = "\n# system";
- $conf[] = "User root"; # . HVDEF_USER; # mast have full access to files for scan
- $conf[] = "AllowSupplementaryGroups yes";
- $conf[] = "Debug " . (HV_DEBUG === 'true' ? "yes" : "no");
- #
- $conf[] = "";
- return implode("\n", $conf);
+EOF;
+ // Log
+ $conf[] = "# log";
+ $conf[] = "LogFileUnlock yes";
+ $conf[] = "LogFileMaxSize 2M";
+ $conf[] = "LogTime yes";
+ $conf[] = "LogClean no";
+ $conf[] = "LogFacility LOG_LOCAL6";
+ $conf[] = "LogVerbose " . ( HV_DEBUG === "true" ? "yes" : "no" );
+ # Syslog
+ $islog = $havp_config[F_AVSETLOG] === 'true';
+ $issyslog = $havp_config[F_AVSETSYSLOG] === 'true';
+ $conf[] = "LogSyslog " . ($islog && $issyslog ? 'yes' : 'no');
+ if ($islog && !$issyslog) {
+ $conf[] = "LogFile " . HVDEF_CLAM_LOG;
+ }
+ // Sysdirs
+ $conf[] = "\n# sysdirs";
+ $conf[] = "PidFile " . HVDEF_CLAM_PID;
+ $conf[] = "TemporaryDirectory " . HVDEF_TEMP_DIR;
+ $conf[] = "DatabaseDirectory /var/db/clamav";
+ // Socket
+ $conf[] = "\n# socket";
+ $conf[] = "LocalSocket " . HVDEF_CLAM_SOCKET;
+ $conf[] = "FixStaleSocket yes";
+ if (HV_CLAMD_TCPSOCKET === 'true') {
+ $conf[] = "TCPAddr 127.0.0.1";
+ $conf[] = "TCPSocket " . HVDEF_CLAM_TCPSOCKET;
+ }
+ $conf[] = "MaxConnectionQueueLength 30";
+ // Daemon
+ $conf[] = "\n# daemon";
+ $conf[] = "MaxThreads 100";
+ // Scanner
+ $conf[] = "\n# scanner";
+ $conf[] = "MaxDirectoryRecursion 255";
+ $conf[] = "FollowDirectorySymlinks no"; // No need to scan symlinked dirs
+ $conf[] = "FollowFileSymlinks yes";
+ $conf[] = "# perform a database check.(sec) [3600 sec = 60 min]";
+ $conf[] = "SelfCheck 3600";
+ $conf[] = "# detect possibly unwanted applications.";
+ $conf[] = "DetectPUA no"; // Possibly unwanted applications
+ $conf[] = "AlgorithmicDetection yes";
+ // Broken executables scanning
+ $conf[] = "# executable";
+ if ($havp_config[F_SCANBROKENEXE] === 'true') {
+ $conf[] = "DetectBrokenExecutables yes";
+ } else {
+ $conf[] = "DetectBrokenExecutables no";
+ }
+ // Other scanner options
+ $conf[] = "ScanPE yes";
+ $conf[] = "ScanELF yes";
+ $conf[] = "# documents";
+ $conf[] = "ScanOLE2 yes";
+ $conf[] = "ScanPDF yes";
+ $conf[] = "# email";
+ $conf[] = "ScanMail yes";
+ $conf[] = "MailFollowURLs no";
+ $conf[] = "PhishingSignatures yes";
+ $conf[] = "PhishingScanURLs yes";
+ $conf[] = "PhishingAlwaysBlockSSLMismatch no";
+ $conf[] = "PhishingAlwaysBlockCloak no";
+ $conf[] = "# html";
+ $conf[] = "ScanHTML yes";
+ $conf[] = "# archives";
+ $conf[] = "ScanArchive yes";
+ $conf[] = "ArchiveBlockEncrypted no";
+ $conf[] = "# limits";
+ $conf[] = "MaxScanSize 50M";
+ $conf[] = "MaxFileSize 30M";
+ $conf[] = "MaxRecursion 255";
+ $conf[] = "MaxFiles 10000";
+ // User/Group
+ $conf[] = "\n# system";
+ $conf[] = "User root"; // HVDEF_USER; must have full access to files for scan
+ $conf[] = "AllowSupplementaryGroups yes";
+ $conf[] = "Debug " . (HV_DEBUG === 'true' ? "yes" : "no");
+ $conf[] = "";
+ return implode("\n", $conf);
}
-# ------------------------------------------------------------------------------
-# FreshClamAV config
-# ------------------------------------------------------------------------------
-function havp_config_freshclam()
-{
- global $havp_config;
- $pfconf = $havp_config;
- $conf = array();
-
- $conf[] =
-"# ==============================================================================
-# freshclam(HAVP) config file
-# This file generated automaticly with HAVP configurator (part of pfSense)
-# (C)2008 Serg Dvoriancev
+/*
+* ------------------------------------------------------------------------------
+* FreshClam config
+* ------------------------------------------------------------------------------
+*/
+function havp_config_freshclam() {
+ global $havp_config;
+ $pfconf = $havp_config;
+ $conf = array();
+
+ $conf[] = <<< EOF
+# ==============================================================================
+# Freshclam config file
+# This file generated with HAVP configurator (part of pfSense)
+# DO NOT EDIT manually, changes will be overwritten!
+# (C) 2008 Serg Dvoriancev
# email: dv_serg@mail.ru
# ==============================================================================
-";
- $conf[] = "DatabaseDirectory /var/db/clamav";
-
- # log
-
- $conf[] = "LogFileMaxSize 2M";
- $conf[] = "LogTime yes";
- $conf[] = "LogVerbose " . ( HV_DEBUG === "true" ? "yes" : "no" );
- $conf[] = "LogFacility LOG_LOCAL6"; # LOG_LOCAL6 | LOG_MAIL
- $conf[] = "\n# syslog";
-
- # Syslog
- $is_syslog = ($pfconf[F_AVSETLOG] === 'true') && ($pfconf[F_AVSETSYSLOG] === 'true');
- $conf[] = "LogSyslog " . ( $is_syslog ? 'yes' : 'no');
- unset ($is_syslog);
-
- # log
- # freshclam for 1.2.x have a bug with logfile permissions; now disable logfile for 1.2.x - only syslog
- $is_log = (pfsense_version_() != "1") && ($pfconf[F_AVSETLOG] === 'true');
- if ($is_log) {
- $conf[] = "UpdateLogFile " . HVDEF_FRESHCLAM_LOG;
- } else {
- $conf[] = "# for pfsense 1.2.x Log disabled - permission bug exists!";
- }
- unset ($is_log);
-
- $conf[] = "\n# pid";
- $conf[] = "PidFile /var/run/clamav/freshclam.pid";
-
- $conf[] = "\n# db";
- $conf[] = "DatabaseOwner havp";
- $conf[] = "AllowSupplementaryGroups yes";
- $conf[] = "DNSDatabaseInfo current.cvd.clamav.net";
-
- $avsrv = $pfconf[F_AVUPDATESERVER];
- $avsrv = explode(" ", trim($avsrv));
-
- foreach ($avsrv as $asr)
- if (!empty($asr))
- $conf[] = "DatabaseMirror $asr";
-
- # regional mirror
- if (!empty($pfconf[F_DBREGION])) {
- $conf[] = '# regional db';
+EOF;
+ $conf[] = "DatabaseDirectory /var/db/clamav";
+ // Log
+ $conf[] = "LogFileMaxSize 2M";
+ $conf[] = "LogTime yes";
+ $conf[] = "LogVerbose " . ( HV_DEBUG === "true" ? "yes" : "no" );
+ $conf[] = "LogFacility LOG_LOCAL6"; // LOG_LOCAL6 | LOG_MAIL
+ // Syslog
+ $conf[] = "\n# syslog";
+ $is_syslog = ($pfconf[F_AVSETLOG] === 'true') && ($pfconf[F_AVSETSYSLOG] === 'true');
+ $conf[] = "LogSyslog " . ( $is_syslog ? 'yes' : 'no');
+ unset ($is_syslog);
+ // Update log
+ $conf[] = "UpdateLogFile " . HVDEF_FRESHCLAM_LOG;
+ // Other options
+ $conf[] = "\n# pid";
+ $conf[] = "PidFile /var/run/clamav/freshclam.pid";
+ $conf[] = "\n# db";
+ $conf[] = "DatabaseOwner havp";
+ $conf[] = "AllowSupplementaryGroups yes";
+ $conf[] = "DNSDatabaseInfo current.cvd.clamav.net";
+
+ $avsrv = $pfconf[F_AVUPDATESERVER];
+ $avsrv = explode(" ", trim($avsrv));
+
+ foreach ($avsrv as $asr) {
+ if (!empty($asr)) {
+ $conf[] = "DatabaseMirror $asr";
+ }
+ }
+
+ // Regional mirrors
+ if (!empty($pfconf[F_DBREGION])) {
+ $conf[] = '# regional db';
switch($pfconf[F_DBREGION]) {
- case 'au': $conf[] = "DatabaseMirror clamav.mirror.ayudahosting.com.au"; break; # australia
- case 'ca': $conf[] = "DatabaseMirror clamav.mirror.rafal.ca"; break; # canada
- case 'cn': $conf[] = "DatabaseMirror 4most2.clamav.ialfa.net"; break; # china
- case 'eu': $conf[] = "DatabaseMirror clamav.edpnet.net"; break; # europe
- case 'id': $conf[] = "DatabaseMirror db.clamav.or.id"; break; # indonesia
- case 'jp': $conf[] = "DatabaseMirror clamavdb2.ml-club.jp"; break; # japan
- case 'kr': $conf[] = "DatabaseMirror clamav.hostway.co.kr"; break; # korea
- case 'ml': $conf[] = "DatabaseMirror clamav.doubleukay.com"; break; # malaysia
- case 'ru': $conf[] = "DatabaseMirror clamav.citrin.ru"; break; # russia
- case 'sa': $conf[] = "DatabaseMirror clamav.dial-up.net"; break; # south africa
- case 'tw': $conf[] = "DatabaseMirror clamav.cs.pu.edu.tw"; break; # taiwan
- case 'uk': $conf[] = "DatabaseMirror clamav.oucs.ox.ac.uk"; break; # united kingdom
- case 'us': $conf[] = "DatabaseMirror db.us.clamav.net "; break; # united states
+ case 'au': $conf[] = "DatabaseMirror db.au.clamav.net"; break; // Australia
+ case 'ca': $conf[] = "DatabaseMirror db.ca.clamav.net"; break; // Canada
+ case 'cn': $conf[] = "DatabaseMirror db.cn.clamav.net"; break; // China
+ case 'eu': $conf[] = "DatabaseMirror db.europe.clamav.net"; break; // Europe
+ case 'id': $conf[] = "DatabaseMirror db.id.clamav.net"; break; // Indonesia
+ case 'jp': $conf[] = "DatabaseMirror db.jp.clamav.net"; break; // Japan
+ case 'kr': $conf[] = "DatabaseMirror db.kr.clamav.net"; break; // Korea
+ case 'ml': $conf[] = "DatabaseMirror db.ml.clamav.net"; break; // Malaysia
+ case 'ru': $conf[] = "DatabaseMirror db.ru.clamav.net"; break; // Russia
+ case 'sa': $conf[] = "DatabaseMirror db.sa.clamav.net"; break; // South Africa
+ case 'tw': $conf[] = "DatabaseMirror db.tw.clamav.net"; break; // Taiwan
+ case 'uk': $conf[] = "DatabaseMirror db.uk.clamav.net"; break; // United kingdom
+ case 'us': $conf[] = "DatabaseMirror db.us.clamav.net"; break; // United states
default: break;
}
}
- $conf[] = "DatabaseMirror db.at.clamav.net";
- $conf[] = "DatabaseMirror db.au.clamav.net";
- $conf[] = "DatabaseMirror db.ba.clamav.net";
- $conf[] = "DatabaseMirror db.be.clamav.net";
- $conf[] = "DatabaseMirror db.ca.clamav.net";
- $conf[] = "DatabaseMirror db.ch.clamav.net";
- $conf[] = "DatabaseMirror db.cn.clamav.net";
- $conf[] = "DatabaseMirror db.cr.clamav.net";
- $conf[] = "DatabaseMirror db.cy.clamav.net";
- $conf[] = "DatabaseMirror db.cz.clamav.net";
- $conf[] = "DatabaseMirror db.de.clamav.net";
- $conf[] = "DatabaseMirror db.dk.clamav.net";
- $conf[] = "DatabaseMirror db.ec.clamav.net";
- $conf[] = "DatabaseMirror db.ee.clamav.net";
- $conf[] = "DatabaseMirror db.es.clamav.net";
- $conf[] = "DatabaseMirror db.fi.clamav.net";
- $conf[] = "DatabaseMirror db.fr.clamav.net";
- $conf[] = "DatabaseMirror db.gr.clamav.net";
- $conf[] = "DatabaseMirror db.hk.clamav.net";
- $conf[] = "DatabaseMirror db.hu.clamav.net";
- $conf[] = "DatabaseMirror db.id.clamav.net";
- $conf[] = "DatabaseMirror db.ie.clamav.net";
- $conf[] = "DatabaseMirror db.it.clamav.net";
- $conf[] = "DatabaseMirror db.jp.clamav.net";
- $conf[] = "DatabaseMirror db.kr.clamav.net";
- $conf[] = "DatabaseMirror db.li.clamav.net";
- $conf[] = "DatabaseMirror db.lt.clamav.net";
- $conf[] = "DatabaseMirror db.lv.clamav.net";
- $conf[] = "DatabaseMirror db.mt.clamav.net";
- $conf[] = "DatabaseMirror db.my.clamav.net";
- $conf[] = "DatabaseMirror db.ml.clamav.net";
- $conf[] = "DatabaseMirror db.no.clamav.net";
- $conf[] = "DatabaseMirror db.pl.clamav.net";
- $conf[] = "DatabaseMirror db.pt.clamav.net";
- $conf[] = "DatabaseMirror db.ro.clamav.net";
- $conf[] = "DatabaseMirror db.ru.clamav.net";
- $conf[] = "DatabaseMirror db.se.clamav.net";
- $conf[] = "DatabaseMirror db.sk.clamav.net";
- $conf[] = "DatabaseMirror db.th.clamav.net";
- $conf[] = "DatabaseMirror db.tr.clamav.net";
- $conf[] = "DatabaseMirror db.tw.clamav.net";
- $conf[] = "DatabaseMirror db.ua.clamav.net";
- $conf[] = "DatabaseMirror db.uk.clamav.net";
- $conf[] = "DatabaseMirror db.za.clamav.net";
-
- $conf[] = "\n# DO NOT TOUCH the following line ";
- $conf[] = "DatabaseMirror database.clamav.net";
-
- $conf[] = "\n# Number of database checks per day. Default: 12 (every two hours)";
- $chks = 0;
- $conf[] = "Checks $chks";
-
- $conf[] = "# notification";
- $conf[] = "OnUpdateExecute date \"+%Y.%m.%d %H:%M:%S Antivirus update success\" > " . HVDEF_FRESHCLAM_STATUS_FILE;
- $conf[] = "OnErrorExecute date \"+%Y.%m.%d %H:%M:%S Antivirus update error\" > " . HVDEF_FRESHCLAM_STATUS_FILE;
-
- $conf[] = "Debug " . (HV_DEBUG === 'true' ? "yes" : "no");
-
-# $conf[] = "# Proxy settings"; # future
+ $conf[] = "DatabaseMirror db.at.clamav.net";
+ $conf[] = "DatabaseMirror db.au.clamav.net";
+ $conf[] = "DatabaseMirror db.ba.clamav.net";
+ $conf[] = "DatabaseMirror db.be.clamav.net";
+ $conf[] = "DatabaseMirror db.ca.clamav.net";
+ $conf[] = "DatabaseMirror db.ch.clamav.net";
+ $conf[] = "DatabaseMirror db.cn.clamav.net";
+ $conf[] = "DatabaseMirror db.cr.clamav.net";
+ $conf[] = "DatabaseMirror db.cy.clamav.net";
+ $conf[] = "DatabaseMirror db.cz.clamav.net";
+ $conf[] = "DatabaseMirror db.de.clamav.net";
+ $conf[] = "DatabaseMirror db.dk.clamav.net";
+ $conf[] = "DatabaseMirror db.ec.clamav.net";
+ $conf[] = "DatabaseMirror db.ee.clamav.net";
+ $conf[] = "DatabaseMirror db.es.clamav.net";
+ $conf[] = "DatabaseMirror db.fi.clamav.net";
+ $conf[] = "DatabaseMirror db.fr.clamav.net";
+ $conf[] = "DatabaseMirror db.gr.clamav.net";
+ $conf[] = "DatabaseMirror db.hk.clamav.net";
+ $conf[] = "DatabaseMirror db.hu.clamav.net";
+ $conf[] = "DatabaseMirror db.id.clamav.net";
+ $conf[] = "DatabaseMirror db.ie.clamav.net";
+ $conf[] = "DatabaseMirror db.it.clamav.net";
+ $conf[] = "DatabaseMirror db.jp.clamav.net";
+ $conf[] = "DatabaseMirror db.kr.clamav.net";
+ $conf[] = "DatabaseMirror db.li.clamav.net";
+ $conf[] = "DatabaseMirror db.lt.clamav.net";
+ $conf[] = "DatabaseMirror db.lv.clamav.net";
+ $conf[] = "DatabaseMirror db.mt.clamav.net";
+ $conf[] = "DatabaseMirror db.my.clamav.net";
+ $conf[] = "DatabaseMirror db.ml.clamav.net";
+ $conf[] = "DatabaseMirror db.no.clamav.net";
+ $conf[] = "DatabaseMirror db.pl.clamav.net";
+ $conf[] = "DatabaseMirror db.pt.clamav.net";
+ $conf[] = "DatabaseMirror db.ro.clamav.net";
+ $conf[] = "DatabaseMirror db.ru.clamav.net";
+ $conf[] = "DatabaseMirror db.se.clamav.net";
+ $conf[] = "DatabaseMirror db.sk.clamav.net";
+ $conf[] = "DatabaseMirror db.th.clamav.net";
+ $conf[] = "DatabaseMirror db.tr.clamav.net";
+ $conf[] = "DatabaseMirror db.tw.clamav.net";
+ $conf[] = "DatabaseMirror db.ua.clamav.net";
+ $conf[] = "DatabaseMirror db.uk.clamav.net";
+ $conf[] = "DatabaseMirror db.za.clamav.net";
+
+ $conf[] = "\n# DO NOT TOUCH the following line ";
+ $conf[] = "DatabaseMirror database.clamav.net";
+ // Updates frequency
+ $conf[] = "\n# Number of database checks per day. Default: 12 (every two hours)";
+ $chks = 0;
+ $conf[] = "Checks $chks";
+ // Notifications
+ $conf[] = "# notification";
+ $conf[] = "OnUpdateExecute /bin/date \"+%Y.%m.%d %H:%M:%S Antivirus update success\" > " . HVDEF_FRESHCLAM_STATUS_FILE;
+ $conf[] = "OnErrorExecute /bin/date \"+%Y.%m.%d %H:%M:%S Antivirus update error\" > " . HVDEF_FRESHCLAM_STATUS_FILE;
+ // Debug
+ $conf[] = "Debug " . (HV_DEBUG === 'true' ? "yes" : "no");
+
+ /*
+ * ------------------------------------------------------------------------------
+ * TODO: Proxy settings, GUI notifications...
+ * ------------------------------------------------------------------------------
+ $conf[] = <<< EOF
+# Proxy settings
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
-# MAKE GUI Errors display
+# Make GUI display errors
# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
@@ -981,766 +1018,603 @@ function havp_config_freshclam()
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
+EOF;
+ * ------------------------------------------------------------------------------
+ */
-# Enable debug messages in libclamav.
-# Default: disabled
-#Debug yes
-
- # use google safesearch AV database
- $conf[] = "SafeBrowsing yes";
+ // Use Google Safebrowsing database
+ $conf[] = "SafeBrowsing yes";
- $conf[] = "";
- return implode("\n", $conf);
+ $conf[] = "";
+ return implode("\n", $conf);
}
-# ------------------------------------------------------------------------------
-# configure squid
-function havp_configure_squid()
-{
+/*
+* ------------------------------------------------------------------------------
+* Configure Squid
+* ------------------------------------------------------------------------------
+*/
+function havp_configure_squid() {
global $config, $havp_config;
$new_opt = array();
- $on_configure = ($havp_config[F_PROXYMODE] === 'squid' ? true : false);
-
- if (!isset($config['installedpackages']['squid']['config'][0]['custom_options'])) return;
-
- if ($on_configure === true) {
- $new_opt[] = "never_direct allow all";
- $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp no-query no-digest no-netdb-exchange default";
- }
-
- # copy options, but not 'cache_peer' option
- $cust_opt = explode(";", $config['installedpackages']['squid']['config'][0]['custom_options']);
- foreach($cust_opt as $key => $val) {
- if (strpos($val, "never_direct") !== false) continue;
- if (strpos($val, "cache_peer 127.0.0.1 parent") !== false) continue;
- $new_opt[] = $val;
- }
-
- $new_opt = implode(";", $new_opt);
- if (/*is_package_installed('squid') && */file_exists('/usr/local/pkg/squid.inc')) {
- # squid config update
- $config['installedpackages']['squid']['config'][0]['custom_options'] = $new_opt;
-
- # disable upstream proxy
- if ($on_configure === true)
- $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'] = '';
-
- write_config('Update redirector options to squid config.');
- require_once('squid.inc');
- squid_resync();
- }
+ $on_configure = ($havp_config[F_PROXYMODE] === 'squid' ? true : false);
+
+ if (!isset($config['installedpackages']['squid']['config'][0]['custom_options'])) {
+ return;
+ }
+
+ if ($on_configure === true) {
+ $new_opt[] = "never_direct allow all";
+ $new_opt[] = "cache_peer 127.0.0.1 parent {$havp_config[F_PROXYPORT]} 0 name=havp no-query no-digest no-netdb-exchange default";
+ }
+
+ /* Copy options, but not 'cache_peer' option */
+ $cust_opt = explode(";", $config['installedpackages']['squid']['config'][0]['custom_options']);
+ foreach($cust_opt as $key => $val) {
+ if (strpos($val, "never_direct") !== false) {
+ continue;
+ }
+ if (strpos($val, "cache_peer 127.0.0.1 parent") !== false) {
+ continue;
+ }
+ $new_opt[] = $val;
+ }
+
+ $new_opt = implode(";", $new_opt);
+ if (file_exists('/usr/local/pkg/squid.inc')) {
+ // Squid config update
+ $config['installedpackages']['squid']['config'][0]['custom_options'] = $new_opt;
+
+ // Disable upstream proxy
+ if ($on_configure === true) {
+ $config['installedpackages']['squidupstream']['config'][0]['proxy_forwarding'] = '';
+ }
+
+ write_config('HAVP: Updated redirector options in Squid config.');
+
+ require_once('squid.inc');
+ squid_resync();
+ }
}
-# ------------------------------------------------------------------------------
-function havp_whitelist_def()
-{
- $whitelist = array();
-
- $whitelist[] = "*sourceforge.net/*clamav-*";
- $whitelist[] = "*pfsense.com/*";
- $whitelist[] = "*.microsoft.com/*";
- $whitelist[] = "*.windowsupdate.com/*"; # M$ & M$ update
- # media and image extensions
- $whitelist[] = "*/*.gif\n*/*.swf\n*/*.png\n*/*.jpg\n*/*.jpeg\n*/*.mov\n*/*.avi\n*/*.flv\n*/*.bmp\n*/*.ico\n*/*.pdf\n*/*.mp3\n*/*.wma\n*/*.wmv\n*/*.ogg";
-
- return implode("\n", $whitelist);
+/*
+* ------------------------------------------------------------------------------
+* Default whitelist
+* ------------------------------------------------------------------------------
+*/
+function havp_whitelist_def() {
+ $whitelist = array();
+
+ $whitelist[] = "*sourceforge.net/*clamav-*";
+ $whitelist[] = "*pfsense.org/*";
+ // Microsoft & Windows Update
+ $whitelist[] = "*.microsoft.com/*";
+ $whitelist[] = "*.windowsupdate.com/*";
+ // Media and image extensions
+ $whitelist[] = "*/*.gif\n*/*.swf\n*/*.png\n*/*.jpg\n*/*.jpeg\n*/*.mov\n*/*.avi\n*/*.flv\n*/*.bmp\n*/*.ico\n*/*.pdf\n*/*.mp3\n*/*.wma\n*/*.wmv\n*/*.ogg";
+
+ return implode("\n", $whitelist);
}
-# ==============================================================================
-# Utils
-# ==============================================================================
-function havp_set_file_access($dir, $owner, $mod)
-{
- if ( file_exists($dir) ) {
- mwexec("chgrp -R -v $owner $dir");
- mwexec("chown -R -v $owner $dir");
- if (!empty($mod)) {
- mwexec( "chmod -R -v $mod $dir");
- }
- }
+/*
+* ==============================================================================
+* Utils
+* ==============================================================================
+*/
+function havp_set_file_access($dir, $owner, $mod) {
+ if (file_exists($dir)) {
+ mwexec("/usr/bin/chgrp -R -v $owner $dir");
+ mwexec("/usr/sbin/chown -R -v $owner $dir");
+ if (!empty($mod)) {
+ mwexec( "/bin/chmod -R -v $mod $dir");
+ }
+ }
}
-# ------------------------------------------------------------------------------
-# Src from squid.inc Copyright (C) 2006 Scott Ullrich, Fernando Lemos
-function get_real_interface_address($iface)
-{
- global $config;
- if ($iface === 'localhost') return array('127.0.0.1', '');
+function get_real_interface_address($iface) {
+ global $config;
- $iface = convert_friendly_interface_to_real_interface_name($iface);
- $line = trim(shell_exec("ifconfig $iface | grep inet | grep -v inet6"));
- list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
+ if ($iface === 'localhost') {
+ return array('127.0.0.1', '');
+ }
- return array($ip, long2ip(hexdec($netmask)));
-}
-#-------------------------------------------------------------------------------
-# *** check black/white list domain ***
-# Lines can hold URLs with wildcards with following rules:
-# Line must cointain Domain/Path
-# Domains can have a wildcard at begin.
-# Pages can hav a wildcard at begin and end.
-# URLs without wildcards are exact
-# Examples:
-# (1) www.server-side.de (Only this URL is whitelisted)
-# (2) www.server-side.de/* (Domain is completely whitelisted)
-# (3) *server-side.de/index.html
-# (4) */*.gif (All .gif are whitelisted)
-# (5) www.server-side.de/novirus*
-# (6) www.server-side.de/*novirus*
-#-------------------------------------------------------------------------------
-function check_bw_domain($_dm)
-{
- $domain = "";
- $path = "";
-
- if (!is_string($_dm)) return false;
-
- $pos = strpos($_dm, "/");
- if ($pos === false) {
- $domain = $_dm;
- $path = "";
- }
- else {
- $domain = substr($_dm, 0, $pos);
- $path = substr($_dm, $pos+1);
- }
-
- # Domains can have a wildcard at begin '*domain.xx' - *my.domain.com
- # Path can have a wildcard(*) at begin and end '*xxx*'
- # Regex: * - {0,}; + - {1,}; ? = {0,1}
- $df = "[a-zA-Z0-9\-]";
- $dm_fmt = "^((\*)|(\*\.))?($df+\.)+$df{2,}$"; # d.com *d.com *.d.com
- $ph_fmt = "^((\*)|((\*)?([^\*]+)(\*)?))$"; # *path*
-
- if (empty($path)) {
- # d.com *d.com *.d.com
- return eregi($dm_fmt, $domain);
- }
- else {
- if (!empty($domain)) {
- return (($domain === '*') || eregi($dm_fmt, $domain)) && eregi($ph_fmt, $path);
- }
- }
-
- return false;
-}
+ $iface = convert_friendly_interface_to_real_interface_name($iface);
+ $line = trim(shell_exec("/sbin/ifconfig $iface | /usr/bin/grep inet | /usr/bin/grep -v inet6"));
+ list($dummy, $ip, $dummy2, $netmask) = explode(" ", $line);
-# ------------------------------------------------------------------------------
-# cron
-# ------------------------------------------------------------------------------
-# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command'
-#
-function havp_setup_cron($task_key, $options, $on_off)
-{
- global $config;
- $cron_item = array();
-
- # $on_off = TRUE/FALSE - install/deinstall cron task:
- # prepare new cron item
- if (is_array($options)) {
- $cron_item['minute'] = $options[0];
- $cron_item['hour'] = $options[1];
- $cron_item['mday'] = $options[2];
- $cron_item['month'] = $options[3];
- $cron_item['wday'] = $options[4];
- $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
- $cron_item['command'] = $options[6];
- }
-
- # unset old cron task with $task_key
- if (!empty($task_key)) {
- $flag_cron_upd = false;
- # delete old cron task if exists
- if (is_array($config['cron']['item'])) {
- foreach($config['cron']['item'] as $key => $val) {
- if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) {
- unset($config['cron']['item'][$key]);
- $flag_cron_upd = true;
- break;
- }
- }
- }
-
- # set new cron task
- if (($on_off === true) and !empty($cron_item)) {
- $config['cron']['item'][] = $cron_item;
- $flag_cron_upd = true;
- }
-
- # write config and configure cron only if cron task modified
- if ($flag_cron_upd === true) {
- write_config("Installed cron task '$task_key' for 'havp' package");
- configure_cron();
- }
- }
- else {
- # ! error $name !
- return;
- }
+ return array($ip, long2ip(hexdec($netmask)));
}
-# ------------------------------------------------------------------------------
-# filter rules
-# ------------------------------------------------------------------------------
-function havp_generate_rules($type = 'filter')
-{
- # pfSense v.2.x - welcome !
-
- # 'nat' 'filter'
- global $config, $havp_config;
- $rules = array();
-
- # no rules if havp disabled
- if ($havp_config[F_ENABLE] !== 'true') {
- return '';
- }
-
- $proxymode = $havp_config[F_PROXYMODE];
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # =-= HAVP always listen 127.0.0.1:port =-=
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- # Proxy mode:
- # Standard - Filter: Rdr ifaces:port => 127.0.0.1:port
- # Parent for Squid - Filter: No
- # Transparent - Filter: Rdr ifaces:port => 127.0.0.1:port;
- # Rdr Any Http => 127.0.0.1:port + Allow Http traffic via iface
- # If Squid transparent, then as Standard.
- # Internal - Filter: No
- # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- $proxybindiface = 'lo0'; # 127.0.0.1
- $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE]));
- $proxyport = ( $havp_config[F_PROXYPORT] ? $havp_config[F_PROXYPORT] : HVDEF_PROXYPORT );
-
- # squid already transparent
- $squid_transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
- if (($proxymode === 'transparent') && $squid_transparent_proxy) {
- $proxymode = 'standard';
- log_error("Havp: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.");
- }
-
- # nat
- if ($type == 'nat') {
- $rules[] = "";
- $rules[] = "# havp proxy ifaces redirect";
- foreach($ifaces as $iface) {
- switch($proxymode) {
- case 'transparent':
- # rdr any http => localhost:port
- $rules[] = "rdr on $iface proto tcp from any to !($iface) port 80 -> $proxybindiface port $proxyport";
- case 'standard':
- case 'squid':
- # rdr iface:port => localhost:port
- $rules[] = "rdr on $iface proto tcp from any to ($iface) port $proxyport -> $proxybindiface port $proxyport";
- break;
- # no more rdr
- case 'internal':
- default: break;
- }
- }
- $rules[] = "";
- }
-
- # filter
- if ($type == 'filter' || $type == 'rule') {
- $rules[] = "";
- $rules[] = "# havp proxy ifaces rules";
- foreach($ifaces as $iface) {
- switch($proxymode) {
- case 'transparent':
- # pass http on iface
- $rules[] = "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state";
- break;
- # no more rules
- case 'standard':
- case 'squid':
- case 'internal':
- default: break;
- }
- }
- $rules[] = "";
- }
-
- if ($type == 'pfearly') {
-
- }
-
- if ($type == 'pflate') {
-
- }
-
- # test
- # file_put_contents("/tmp/havp_".$type, "state: $proxymode\n" . implode("\n", $rules));
-
- return implode("\n", $rules);
+/*
+* -------------------------------------------------------------------------------
+* Check blacklist/whitelist domains
+* -------------------------------------------------------------------------------
+*/
+// Lines can hold URLs with wildcards with following rules:
+// Line must contain domain/path
+// Domains may begin with a wildcard
+// Paths may begin and/or end with a wildcard
+// URLs without wildcards are exact match
+// Examples:
+// (1) www.server-side.de (Only this URL is whitelisted)
+// (2) www.server-side.de/* (Domain is completely whitelisted)
+// (3) *server-side.de/index.html
+// (4) */*.gif (All .gif files are whitelisted)
+// (5) www.server-side.de/novirus*
+// (6) www.server-side.de/*novirus*
+/*
+* -------------------------------------------------------------------------------
+*/
+function check_bw_domain($_dm) {
+ $domain = "";
+ $path = "";
+
+ if (!is_string($_dm)) {
+ return false;
+ }
+
+ $pos = strpos($_dm, "/");
+ if ($pos === false) {
+ $domain = $_dm;
+ $path = "";
+ } else {
+ $domain = substr($_dm, 0, $pos);
+ $path = substr($_dm, $pos+1);
+ }
+
+ // Domains may begin with a wildcard: '*domain.xx' - *my.domain.com
+ // Paths may begin and/or end with a wildcard: '*xxx*'
+ // Regex: * - {0,}; + - {1,}; ? = {0,1}
+ $df = "[a-zA-Z0-9\-]";
+ $dm_fmt = "/^((\*)|(\*\.))?($df+\.)+$df{2,}$/i"; // d.com *d.com *.d.com
+ $ph_fmt = "/^((\*)|((\*)?([^\*]+)(\*)?))$/i"; // *path*
+
+ if (empty($path)) {
+ // d.com *d.com *.d.com
+ return preg_match($dm_fmt, $domain);
+ } else {
+ if (!empty($domain)) {
+ return (($domain === '*') || preg_match($dm_fmt, $domain)) && preg_match($ph_fmt, $path);
+ }
+ }
+
+ return false;
}
-# ------------------------------------------------------------------------------
-function havp_filter_update_3()
-{
- # for 1.x only
- if (pfsense_version_() != '1') return;
-
- $rules_file = '/tmp/rules.debug';
- if (file_exists($rules_file)) {
- $newrules = array();
- $rules = file_get_contents($rules_file);
- $rules = explode("\n", $rules);
-
- foreach($rules as $val) {
- $newrules[] = $val;
- # rdr
- if (trim($val) === "rdr-anchor \"miniupnpd\"") {
- $newrules[] = "# havp rdr";
- $newrules[] = havp_generate_rules('nat');
- $newrules[] = "";
- }
- # rules
- elseif(trim($val) === "anchor \"miniupnpd\"") {
- $newrules[] = "# havp rules";
- $newrules[] = havp_generate_rules('filter');
- $newrules[] = "";
- }
- $rules = implode("\n", $newrules);
- }
- file_put_contents($rules_file, $rules);
- mwexec("pfctl -f $rules_file");
- }
+/*
+* ------------------------------------------------------------------------------
+* Filter rules
+* ------------------------------------------------------------------------------
+*/
+function havp_generate_rules($type) {
+
+ global $config, $havp_config;
+ $rules = array();
+
+ // Do not configure any rules if HAVP is disabled
+ if ($havp_config[F_ENABLE] !== 'true') {
+ return '';
+ }
+
+ $proxymode = $havp_config[F_PROXYMODE];
+ /*
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ * HAVP always listens on 127.0.0.1:port
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ * Proxy mode:
+ * Standard - Filter: rdr ifaces:port => 127.0.0.1:port
+ * Parent for Squid - Filter: No
+ * Transparent - Filter: rdr ifaces:port => 127.0.0.1:port;
+ * rdr any http => 127.0.0.1:port + allow http traffic via iface
+ * If Squid transparent, then as Standard.
+ * Internal - Filter: No
+ * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ */
+
+ $proxybindiface = 'lo0'; // 127.0.0.1
+ $ifaces = array_map('convert_friendly_interface_to_real_interface_name', explode(',', $havp_config[F_PROXYINTERFACE]));
+ $proxyport = ($havp_config[F_PROXYPORT] ? $havp_config[F_PROXYPORT] : HVDEF_PROXYPORT);
+
+ // Squid already transparent
+ $squid_transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
+ if (($proxymode === 'transparent') && $squid_transparent_proxy) {
+ $proxymode = 'standard';
+ log_error("HAVP: Squid is already configured as transparent proxy. Use 'Standard' proxy mode.");
+ }
+
+ // NAT
+ if ($type == 'nat') {
+ $rules[] = "";
+ $rules[] = "# havp proxy ifaces redirect";
+ foreach ($ifaces as $iface) {
+ switch ($proxymode) {
+ case 'transparent':
+ // rdr any http => localhost:port
+ $rules[] = "rdr on $iface proto tcp from any to !($iface) port 80 -> $proxybindiface port $proxyport";
+ case 'standard':
+ case 'squid':
+ // rdr iface:port => localhost:port
+ $rules[] = "rdr on $iface proto tcp from any to ($iface) port $proxyport -> $proxybindiface port $proxyport";
+ break;
+ // No more rdr
+ case 'internal':
+ default: break;
+ }
+ }
+ $rules[] = "";
+ }
+
+ // Filter
+ if ($type == 'filter' || $type == 'rule') {
+ $rules[] = "";
+ $rules[] = "# havp proxy ifaces rules";
+ foreach ($ifaces as $iface) {
+ switch ($proxymode) {
+ case 'transparent':
+ // Pass http on iface
+ $rules[] = "pass in quick on $iface proto tcp from any to !($iface) port 80 flags S/SA keep state";
+ break;
+ // No more rules
+ case 'standard':
+ case 'squid':
+ case 'internal':
+ default: break;
+ }
+ }
+ $rules[] = "";
+ }
+
+ return implode("\n", $rules);
}
-# ------------------------------------------------------------------------------
-function havp_update_AV()
-{
- # AV update script
- file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
- havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
- mwexec_bg(HVDEF_AVUPD_SCRIPT); # run update background
+/* AV update script */
+function havp_update_AV() {
+ file_put_contents(HVDEF_AVUPD_SCRIPT, havp_AVupdate_script());
+ havp_set_file_access(HVDEF_AVUPD_SCRIPT, HVDEF_AVUSER, '0755');
+ // Run update in background
+ mwexec_bg(HVDEF_AVUPD_SCRIPT);
}
-# ==============================================================================
-# Scripts
-# ==============================================================================
-# AV update script
-function havp_AVupdate_script()
-{
-$f = HVDEF_UPD_STATUS_FILE;
-$u = HVDEF_FRESHCLAM_STATUS_FILE;
-return <<<EOD
+/*
+* ==============================================================================
+* Scripts
+* ==============================================================================
+*/
+/* AV update script */
+function havp_AVupdate_script() {
+ $hvdef_freshclam_path = HVDEF_FRESHCLAM_PATH;
+ $hvdef_sigtool_path = HVDEF_SIGTOOL_PATH;
+ $f = HVDEF_UPD_STATUS_FILE;
+ $u = HVDEF_FRESHCLAM_STATUS_FILE;
+ return <<< EOD
#!/bin/sh
-date +"%Y.%m.%d %H:%M:%S Antivirus update started." > $f
-date +"%Y.%m.%d %H:%M:%S Antivirus database already is updated." > $u
-/usr/local/bin/freshclam
+/bin/date +"%Y.%m.%d %H:%M:%S Antivirus update started." > $f
+/bin/date +"%Y.%m.%d %H:%M:%S Antivirus database already is updated." > $u
+{$hvdef_freshclam_path}
wait
-cat $u >> $f
-/usr/local/bin/sigtool --unpack-current daily.cvd
-/usr/local/bin/sigtool --unpack-current main.cvd
+/bin/cat $u >> $f
+{$hvdef_sigtool_path} --unpack-current daily.cvd
+{$hvdef_sigtool_path} --unpack-current main.cvd
wait
-date +"%Y.%m.%d %H:%M:%S Antivirus update end." >> $f
+/bin/date +"%Y.%m.%d %H:%M:%S Antivirus update end." >> $f
EOD;
}
-# ------------------------------------------------------------------------------
-# HAVP service startup script
-function havp_startup_script()
-{
- global $havp_config;
- $pid = HVDEF_PID_FILE;
- $havpchk = "ps auxw | grep \"[h]avp -c\"|awk '{print $2}'";
- $clamdchk = "ps auxw | grep \"[c]lamd -c\"|awk '{print $2}'";
-
- # rc script
- $rc = array();
- $rc['file'] = basename(HVDEF_HAVP_STARTUP_SCRIPT);
-
- $s[] = "\t# init";
- $s[] = "\techo 'Starting ..' > " . HVDEF_HAVP_STATUS_FILE;
-
- $s[] = "\t# start";
- $s[] = "\tif [ -z \"`{$havpchk}`\" ];then";
- if ($havp_config[F_USECLAMD] === 'true') {
- $clampid_dir = HVDEF_CLAM_RUNDIR;
- $s[] = "\t\t# start clamd before (to be sure)";
- $s[] = "\t\t" . HVDEF_CLAM_STARTUP_SCRIPT . " start";
- $s[] = "\t\tsleep 2";
- $s[] = "";
-
- $s[] = "\t\t# if clamd started";
- $s[] = "\t\tif [ -n \"`{$clamdchk}`\" ];then";
- $s[] = "\t\t\t# Waiting CLAMD";
- $s[] = "\t\t\techo -n \"Waiting CLAMD \"";
- $s[] = "\t\t\techo 'Waiting CLAMD' > " . HVDEF_HAVP_STATUS_FILE;
- $s[] = "\t\t\twhile [ \"`{$clamdchk}`\" != \"`/bin/cat {$clampid_dir}/clamd.pid`\" ];do";
- $s[] = "\t\t\t\techo -n '.'";
- $s[] = "\t\t\t\tsleep 1";
- $s[] = "\t\t\tdone";
- $s[] = "\t\t\techo";
- $s[] = "\t\tfi";
- $s[] = "";
- }
- $s[] = "\t\t/usr/local/sbin/havp -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null";
- $s[] = "\t\twait";
- $s[] = "\tfi";
-
- $s[] = "\t# Status";
- $s[] = "\tif [ -z \"`{$havpchk}`\" ];then";
- $s[] = "\t\techo 'Stopped' > " . HVDEF_HAVP_STATUS_FILE;
- $s[] = "\telse";
- $s[] = "\t\techo 'Started' > " . HVDEF_HAVP_STATUS_FILE;
- $s[] = "\tfi";
-
- $s[] = "";
- $rc['start'] = implode("\n", $s);
- unset($s);
-
- $s[] = "# stop";
- $s[] = "\t killall havp 2>/dev/null";
- $s[] = "\t sleep 2";
- $s[] = "\t killall -9 havp 2>/dev/null";
- $s[] = "\t wait";
- $s[] = "\t echo 'Stopped' > " . HVDEF_HAVP_STATUS_FILE;
- $s[] = "";
- $rc['stop'] = implode("\n", $s);
- unset($s);
-
- # we don't use start if package disabled
- if ($havp_config[F_ENABLE] !== 'true') {
- $rc['start'] = "\t echo 'Disabled' > " . HVDEF_HAVP_STATUS_FILE;
- }
-
- write_rcfile($rc);
-}
-# ------------------------------------------------------------------------------
-# clamd service startup script
-function hv_clamd_startup_script()
-{
- global $havp_config;
- $pid = HVDEF_CLAM_PID;
- $clamdchk = "ps auxw | grep \"[c]lamd -c\"|awk '{print $2}'";
-
- # rc script
- $rc = array();
- $rc['file'] = basename(HVDEF_CLAM_STARTUP_SCRIPT);
- $s[] = "\t\techo 'Starting..' > " . HVDEF_CLAM_STATUS_FILE;
-
- $s[] = "# start";
- $s[] = "\tif [ -z \"`{$clamdchk}`\" ];then";
- $s[] = "\t\t/usr/local/sbin/clamd -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null";
- $s[] = "\t\twait";
- $s[] = "\tfi";
- $s[] = "\techo 'Started' > " . HVDEF_CLAM_STATUS_FILE;
- $s[] = "";
- $rc['start'] = implode("\n", $s);
- unset($s);
-
- $s[] = "#stop";
- $s[] = "\t killall clamd 2>/dev/null";
- $s[] = "\t sleep 2";
- $s[] = "\t killall -9 clamd 2>/dev/null";
- $s[] = "\t wait";
- $s[] = "\t\techo 'Stopped' > " . HVDEF_CLAM_STATUS_FILE;
- $s[] = "";
- $rc['stop'] = implode("\n", $s);
- unset($s);
-
- write_rcfile($rc);
-}
-# ------------------------------------------------------------------------------
-# HAVP filter resync script
-function havp_filter_resync_script()
-{
+/* HAVP service startup script */
+function havp_startup_script() {
+ global $havp_config;
+ $pid = HVDEF_PID_FILE;
+ $havpchk = "/bin/ps auxw | /usr/bin/grep \"[h]avp -c\" | /usr/bin/awk '{print $2}'";
+ $clamdchk = "/bin/ps auxw | /usr/bin/grep \"[c]lamd -c\" | /usr/bin/awk '{print $2}'";
+
+ /* Create rc script */
+ $rc = array();
+ $rc['file'] = basename(HVDEF_HAVP_STARTUP_SCRIPT);
+
+ $s[] = "\t# init";
+ $s[] = "\techo 'Starting ..' > " . HVDEF_HAVP_STATUS_FILE;
+
+ $s[] = "\t# start";
+ $s[] = "\tif [ -z \"`{$havpchk}`\" ]; then";
+ if ($havp_config[F_USECLAMD] === 'true') {
+ $clampid_dir = HVDEF_CLAM_RUNDIR;
+ $s[] = "\t\t# start clamd before (to be sure)";
+ $s[] = "\t\t" . HVDEF_CLAM_STARTUP_SCRIPT . " start";
+ $s[] = "\t\tsleep 2";
+ $s[] = "";
+
+ $s[] = "\t\t# if clamd started";
+ $s[] = "\t\tif [ -n \"`{$clamdchk}`\" ]; then";
+ $s[] = "\t\t\t# Waiting for ClamD";
+ $s[] = "\t\t\techo -n \"Waiting for ClamD \"";
+ $s[] = "\t\t\techo 'Waiting for ClamD' > " . HVDEF_HAVP_STATUS_FILE;
+ $s[] = "\t\t\twhile [ \"`{$clamdchk}`\" != \"`/bin/cat {$clampid_dir}/clamd.pid`\" ]; do";
+ $s[] = "\t\t\t\techo -n '.'";
+ $s[] = "\t\t\t\tsleep 1";
+ $s[] = "\t\t\tdone";
+ $s[] = "\t\t\techo";
+ $s[] = "\t\tfi";
+ $s[] = "";
+ }
+ $s[] = "\t\t" . HVDEF_HAVP_PATH . " -c " . HVDEF_HAVP_CONFIG . " 2>/dev/null";
+ $s[] = "\t\twait";
+ $s[] = "\tfi";
+
+ $s[] = "\t# Status";
+ $s[] = "\tif [ -z \"`{$havpchk}`\" ]; then";
+ $s[] = "\t\techo 'Stopped' > " . HVDEF_HAVP_STATUS_FILE;
+ $s[] = "\telse";
+ $s[] = "\t\techo 'Started' > " . HVDEF_HAVP_STATUS_FILE;
+ $s[] = "\tfi";
+
+ $s[] = "";
+ $rc['start'] = implode("\n", $s);
+ unset($s);
+
+ $s[] = "# stop";
+ $s[] = "\t /usr/bin/killall havp 2>/dev/null";
+ $s[] = "\t sleep 2";
+ $s[] = "\t /usr/bin/killall -9 havp 2>/dev/null";
+ $s[] = "\t wait";
+ $s[] = "\t echo 'Stopped' > " . HVDEF_HAVP_STATUS_FILE;
+ $s[] = "";
+ $rc['stop'] = implode("\n", $s);
+ unset($s);
+
+ // We don't use start if HAVP is disabled
+ if ($havp_config[F_ENABLE] !== 'true') {
+ $rc['start'] = "\t echo 'Disabled' > " . HVDEF_HAVP_STATUS_FILE;
+ }
-return <<<EOD
-#!/usr/local/bin/php -f
-<?php
-# havp filter hook
-if (file_exists('/usr/local/pkg/havp.inc')) {
- require_once('havp.inc');
- havp_filter_update_3();
+ write_rcfile($rc);
}
-?>
-EOD;
+/* ClamD service startup script */
+function hv_clamd_startup_script() {
+ global $havp_config;
+ $pid = HVDEF_CLAM_PID;
+ $clamdchk = "/bin/ps auxw | /usr/bin/grep \"[c]lamd -c\" | /usr/bin/awk '{print $2}'";
+
+ /* Create rc script */
+ $rc = array();
+ $rc['file'] = basename(HVDEF_CLAM_STARTUP_SCRIPT);
+ $s[] = "\t\techo 'Starting..' > " . HVDEF_CLAM_STATUS_FILE;
+
+ $s[] = "# start";
+ $s[] = "\tif [ -z \"`{$clamdchk}`\" ]; then";
+ $s[] = "\t\t" . HVDEF_CLAMD_PATH . " -c " . HVDEF_CLAM_CONFIG . " 2>/dev/null";
+ $s[] = "\t\twait";
+ $s[] = "\tfi";
+ $s[] = "\techo 'Started' > " . HVDEF_CLAM_STATUS_FILE;
+ $s[] = "";
+ $rc['start'] = implode("\n", $s);
+ unset($s);
+
+ $s[] = "#stop";
+ $s[] = "\t /usr/bin/killall clamd 2>/dev/null";
+ $s[] = "\t sleep 2";
+ $s[] = "\t /usr/bin/killall -9 clamd 2>/dev/null";
+ $s[] = "\t wait";
+ $s[] = "\t\techo 'Stopped' > " . HVDEF_CLAM_STATUS_FILE;
+ $s[] = "";
+ $rc['stop'] = implode("\n", $s);
+ unset($s);
+
+ write_rcfile($rc);
}
-# ==============================================================================
-# RAM Disk
-# ==============================================================================
-function mountRAMdisk($free_and_mount = true)
-{
- global $havp_config;
- $mnt_point = HVDEF_RAMTEMP_DIR;
- $mnt_flag_file = "$mnt_point/.mnt";
-
- # RAM Disk disabled
- if (HV_USE_TMPRAMDISK !== 'true') {
- umountRAMDisk();
- return;
- }
-
- # RAM Disk on VM disabled
- if ((HV_VM_TMPRAMDISK !== 'true') && VMWare_detect()) {
- umountRAMDisk();
- log_error("havp: RAMDisk on VM disabled.");
- return;
- }
-
- # free RAMDisk only
- if ($free_and_mount !== true) {
- umountRAMDisk();
- return;
- }
-
- # =-= Temp RAMDisk =-=
- # note: use 1/4 of system memory capacity
- $ramdisk_capacity = get_memory();
- $ramdisk_capacity = intval(intval($ramdisk_capacity[0]) / 4); # [Mb]
-
- # RAMDisk already exists?
- if (file_exists("/dev/md10")) return;
- # umount old RAMDisk
-# umountRAMDisk();
-
- # create and mount a swap backed file system on /var/tmp/havp by /dev/md10:
-# SWAP
-# mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10");
-# mwexec("newfs -U /dev/md10");
-# mwexec("mount /dev/md10 $mnt_point");
-# RAM - more quickly, used physical RAM
- mwexec("/sbin/mdmfs -s {$ramdisk_capacity}M md10 {$mnt_point}");
- mwexec("chmod 1777 {$mnt_point}");
-
- # create flag file
- file_put_contents($mnt_flag_file, "{$ramdisk_capacity}");
- # syslog
- if (HV_DEBUG === 'true')
- log_error("havp: Create RAMDisk {$ramdisk_capacity}Mb.");
-}
-# ------------------------------------------------------------------------------
-function umountRAMDisk()
-{
- global $havp_config;
-
- # detach and free all resources used by /dev/md10:
- mwexec("umount -f " . HVDEF_RAMTEMP_DIR);
- mwexec("mdconfig -d -u 10");
+/*
+* ==============================================================================
+* RAM Disk
+* ==============================================================================
+*/
+function mountRAMdisk($free_and_mount = true) {
+ global $havp_config;
+ $mnt_point = HVDEF_RAMTEMP_DIR;
+ $mnt_flag_file = "$mnt_point/.mnt";
+
+ /* RAM Disk disabled */
+ if (HV_USE_TMPRAMDISK !== 'true') {
+ umountRAMDisk();
+ return;
+ }
+
+ /* RAM Disk on VM disabled */
+ if ((HV_VM_TMPRAMDISK !== 'true') && VMWare_detect()) {
+ umountRAMDisk();
+ log_error("havp: RAMDisk on VM disabled.");
+ return;
+ }
+
+ /* Free RAMDisk only */
+ if ($free_and_mount !== true) {
+ umountRAMDisk();
+ return;
+ }
+
+ /* Temp RAMDisk */
+ // Note: Use 1/4 of system memory capacity
+ $ramdisk_capacity = get_memory();
+ $ramdisk_capacity = intval(intval($ramdisk_capacity[0]) / 4); // [MB]
+
+ /* RAMDisk already exists? */
+ if (file_exists("/dev/md10")) {
+ return;
+ }
+
+ /* Create and mount a swap backed file system on /var/tmp/havp by /dev/md10: */
+ // mwexec("mdconfig -a -t swap -s {$ramdisk_capacity}M -u 10");
+ // mwexec("newfs -U /dev/md10");
+ // mwexec("mount /dev/md10 $mnt_point");
+ /* RAM - faster, uses physical RAM */
+ mwexec("/sbin/mdmfs -s {$ramdisk_capacity}M md10 {$mnt_point}");
+ mwexec("/bin/chmod 1777 {$mnt_point}");
+
+ /* Create flag file */
+ file_put_contents($mnt_flag_file, "{$ramdisk_capacity}");
+ /* syslog */
+ if (HV_DEBUG === 'true') {
+ log_error("HAVP: Create RAMDisk {$ramdisk_capacity}Mb.");
+ }
}
-# ==============================================================================
-# Utilites
-# ==============================================================================
-function VMWare_detect()
-{
- global $g;
- $fc = '';
- if (file_exists("{$g['varlog_path']}/dmesg.boot") !== false)
- $fc = file_get_contents("{$g['varlog_path']}/dmesg.boot");
+function umountRAMDisk() {
+ global $havp_config;
- return (strpos($fc, "<VMware Virtual") !== false);
+ /* Detach and free all resources used by /dev/md10 */
+ mwexec("/sbin/umount -f " . HVDEF_RAMTEMP_DIR);
+ mwexec("/sbin/mdconfig -d -u 10");
}
-function pfsense_version_()
-{
- $ver = '1';
+/*
+* ==============================================================================
+* Utilites
+* ==============================================================================
+*/
+function VMWare_detect() {
+ global $g;
+ $fc = '';
- if (file_exists('/etc/version')) {
- $s = file_get_contents('/etc/version');
- $s = str_replace('-', '.', $s); # '2.0-Beta' > '2.0.Beta'
- $s = explode(".", $s);
- $ver = $s ? $s[0] : '1';
- }
+ if (file_exists("{$g['varlog_path']}/dmesg.boot") !== false) {
+ $fc = file_get_contents("{$g['varlog_path']}/dmesg.boot");
+ }
- return intval($ver);
+ return (strpos($fc, "<VMware Virtual") !== false);
}
-# ------------------------------------------------------------------------------
-function start_antivirus_scanner($filename)
-{
- $param = array();
-# $param[] = "-v"; # verbose
- if (HV_DEBUG === 'true')
- $param[] = "--debug"; # debug option
- else $param[] = "--quiet"; # output only errors
- $param[] = "--stdout"; # Write to stdout instead of stderr
-# $param[] = "--no-summary"; # Disable summary at end of scanning
- $param[] = "-i"; # Only print infected files
- $param[] = "--tempdir=" . HVDEF_TEMP_DIR; # Create temporary files in DIRECTORY
-# $param[] = "-d FILE/DIR"; # Load virus database from FILE or load all .cvd and .db[2] files from DIR
- $param[] = "-l " . HVDEF_CLAMSCAN_LOG; # Save scan report to FILE
- $param[] = "-r"; # Scan subdirectories recursively
- $param[] = "--remove"; # Remove infected files. Be careful!
- $param[] = "--detect-broken"; # Try to detect broken executable files
- $param[] = "--max-filesize=10000000"; # Files larger than this will be skipped and assumed clean
- $param[] = "--max-scansize=5000000"; # The maximum amount of data to scan for each container file (*)
- $param[] = "--max-files=10000"; # The maximum number of files to scan for each container file (*)
- $param[] = "--max-recursion=255"; # Maximum archive recursion level for container file (*)
- $param[] = "--max-dir-recursion=255"; # Maximum directory recursion level
-
- $param = implode(" ", $param);
- if ($havp_config[F_USECLAMD] === 'true')
- $param = "clamdscan $param $filename"; # use clamd daemon (more quickly)
- else $param = "clamscan $param $filename";
-
- # debug clamscan cmd
- if (HV_DEBUG === 'true') file_put_contents("/tmp/clamscan.cmd", $param);
-
- if (file_exists($filename)) {
- log_error("Antivirus: Starting file '$filename' scanner. Log file is '" . HVDEF_CLAMSCAN_LOG . "'. Wait 5-10 minutes.");
-
- # put to log scanning file
- $cont="Starting scan file {$filename}\n";
- file_put_contents(HVDEF_CLAMSCAN_LOG, $cont);
-
- mwexec_bg("$param");
- exec("date +\"%Y.%m.%d %H:%M:%S Starting scan file '$filename'.\" > " . HVDEF_CLAMSCAN_LOG);
- }
- else log_error("Antivirus: Can't starting file scanner. File '$filename' not exists.");
+/* ------------------------------------------------------------------------------ */
+function start_antivirus_scanner($filename) {
+ $param = array();
+ // $param[] = "-v"; // verbose
+ if (HV_DEBUG === 'true') {
+ $param[] = "--debug"; // debug option
+ } else {
+ $param[] = "--quiet"; // output only errors
+ }
+ $param[] = "--stdout"; // Write to stdout instead of stderr
+ // $param[] = "--no-summary"; // Disable summary at end of scanning
+ $param[] = "-i"; // Only print infected files
+ $param[] = "--tempdir=" . HVDEF_TEMP_DIR; // Create temporary files in DIRECTORY
+ // $param[] = "-d FILE/DIR"; // Load virus database from FILE or load all .cvd and .db[2] files from DIR
+ $param[] = "-l " . HVDEF_CLAMSCAN_LOG; // Save scan report to FILE
+ $param[] = "-r"; // Scan subdirectories recursively
+ $param[] = "--remove"; // Remove infected files. Be careful!
+ $param[] = "--detect-broken"; // Try to detect broken executable files
+ $param[] = "--max-filesize=10000000"; // Files larger than this will be skipped and assumed clean
+ $param[] = "--max-scansize=5000000"; // The maximum amount of data to scan for each container file (*)
+ $param[] = "--max-files=10000"; // The maximum number of files to scan for each container file (*)
+ $param[] = "--max-recursion=255"; // Maximum archive recursion level for container file (*)
+ $param[] = "--max-dir-recursion=255"; // Maximum directory recursion level
+
+ $param = implode(" ", $param);
+ if ($havp_config[F_USECLAMD] === 'true') {
+ $param = "clamdscan $param $filename"; // use clamd daemon (faster)
+ } else {
+ $param = "clamscan $param $filename";
+ }
+
+ // debug clamscan cmd
+ if (HV_DEBUG === 'true') {
+ file_put_contents("/tmp/clamscan.cmd", $param);
+ }
+
+ if (file_exists($filename)) {
+ log_error("Antivirus: Starting file '$filename' scan. Log file is '" . HVDEF_CLAMSCAN_LOG . "'. Wait 5-10 minutes.");
+
+ // Put file scan to log
+ $cont = "Starting scan file {$filename}\n";
+ file_put_contents(HVDEF_CLAMSCAN_LOG, $cont);
+
+ mwexec_bg("$param");
+ exec("/bin/date +\"%Y.%m.%d %H:%M:%S Starting scan of {$filename}.\" > " . HVDEF_CLAMSCAN_LOG);
+ } else {
+ log_error("Antivirus: Cannot scan file: {$filename} does not exist.");
+ }
}
-# ------------------------------------------------------------------------------
-# HTML
-# ------------------------------------------------------------------------------
-function havp_fscan_html()
-{
- global $g;
- $clamscan_log = HVDEF_CLAMSCAN_LOG;
-
- return <<<EOD
-<hr>
-<span onClick="document.getElementById('scanfilepath').value = '/var/squid';" style="cursor: pointer;">
- <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
- <font size='-1'><u>&nbsp;Squid cache path (scan your squid cache now).</u></font>
- </img>
+/*
+* ------------------------------------------------------------------------------
+* HTML
+* ------------------------------------------------------------------------------
+*/
+function havp_fscan_html() {
+ global $g;
+ $clamscan_log = HVDEF_CLAMSCAN_LOG;
+
+ return <<< EOD
+<hr />
+<span onclick="document.getElementById('scanfilepath').value = '/var/squid';" style="cursor: pointer;">
+ <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here' alt=''>
+ <span style='text-decoration: underline;'>&nbsp;Squid cache path (scan your Squid cache now).</span>
+ </img>
</span>
-<br>
-<span onClick="document.getElementById('scanfilepath').value = '/var/db';" style="cursor: pointer;">
- <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
- <font size='-1'><u>&nbsp;Common DB path.</u></font>
- </img>
+<br />
+<span onclick="document.getElementById('scanfilepath').value = '/var/db';" style="cursor: pointer;">
+ <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here' alt=''>
+ <span style='text-decoration: underline;'>&nbsp;Common DB path.</span>
+ </img>
</span>
-<br>
-<span onClick="document.getElementById('scanfilepath').value = '/tmp';" style="cursor: pointer;">
- <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here'>
- <font size='-1'><u>&nbsp;Temp path.</u></font>
- </img>
+<br />
+<span onclick="document.getElementById('scanfilepath').value = '/tmp';" style="cursor: pointer;">
+ <img src='./themes/{$g['theme']}/images/icons/icon_pass.gif' title='Click here' alt=''>
+ <span style='text-decoration: underline;'>&nbsp;Temp path.</span>
+ </img>
</span>
-<hr>
-<input name='submit' type='submit' value='Start_scan'><br>
-Press button for start antivirus scanner now. After 5-10 minutes look log file '{$clamscan_log}'.<br>
-(Diagnostics: Execute Shell command: <b>'cat {$clamscan_log}'</b>)
+<hr />
+<input name='submit' type='submit' value='Start_scan' /><br />
+Press button to start AV scanner now. After 5-10 minutes look at the log file '{$clamscan_log}'.<br />
+In Diagnostics - Command Prompt - Execute Shell command: <strong>'/bin/cat {$clamscan_log}'</strong>)
EOD;
}
-/* Future - in next time */
-# blacklist, dns, down, error, invalid, maxsize, request, scanner, virus
-function havp_html_notification_page($type, $title, $notify, $message)
-{
- $class = '';
- switch($type) {
- case 'blacklist': $class = 'notify-warn'; break;
- case 'dns': $class = 'notify-standart'; break;
- case 'down': $class = 'notify-standart'; break;
- case 'error': $class = 'notify-standart'; break;
- case 'invalid': $class = 'notify-standart'; break;
- case 'maxsize': $class = 'notify-warn'; break;
- case 'request': $class = 'notify-standart'; break;
- case 'scanner': $class = 'notify-warn'; break;
- case 'virus': $class = 'notify-danger'; break;
- }
-
- return <<<EOD
-<html>
- <head>
- <meta http-equiv="content-type" content="text/html; ">
- <style type="text/css">
- <!--
- .havp_scheme {width: 100%; border: 0px; color: black; vertical-align: bottom; text-align: center; font-family: arial,helvetica; padding-bottom: 3%}
- .havp_scheme.header {font-size: 10pt; font-weight: bold; background-color: #FFFFFF; color: #446699;}
- .havp_scheme.notify {font-size: 14pt; font-weight: bold; background-color: #E9E9E9; color: #446699;}
- .havp_scheme.notify-standart {font-size: 14pt; font-weight: bold; background-color: #E9E9E9; color: #446699;}
- .havp_scheme.notify-strong {font-size: 14pt; font-weight: bold; background-color: #E9E9E9; color: #446699;}
- .havp_scheme.notify-danger {font-size: 14pt; font-weight: bold; background-color: #FFEFEF; color: #FF6666;}
- .havp_scheme.notify-warn {font-size: 14pt; font-weight: bold; background-color: #FFEFDF; color: #FF9966;}
- .havp_scheme.message {font-size: 10pt; background-color: #FFFFFF; color: #000066;}
- .havp_scheme.footer {font-size: 10pt; background-color: #DDDDDD; color: #000066;}
- -->
- </style
- <title>HTTP AntiVirus Proxy: $type</title>
- </head>
- <body>
- <table class='havp_scheme' cellpadding='2' cellspacing='0' align='center'>
- <tr class='header'><td>$title<br>HTTP AntiVirus Proxy: $type</td></tr>
- <tr class='$class'><td>$notify</td></tr>
- <tr class='message'><td>$message<br><!--message--></td></tr>
- <tr class='footer' ><td>Powered by havp.</td></tr>
- </table>
- </body>
-</html>
-EOD;
-
-}
-
-# ==============================================================================
-# Status, widgets
-# ==============================================================================
-function havp_get_scan_log()
-{
- $s = '';
- $clamscanlog = "/var/log/clamscan.log";
- if (file_exists($clamscanlog)) {
- $s = file_get_contents("/var/log/clamscan.log");
- }
- if (empty($s)) $s = "Not found.";
- return $s;
-}
-
-function havp_get_filescanlist()
-{
- $slist = array();
- $slist[0]['descr'] = 'Squid cache path (scan you squid cache now).';
- $slist[0]['path'] = '/var/squid';
- $slist[1]['descr'] = 'Common DB path.';
- $slist[1]['path'] = '/var/db';
- $slist[2]['descr'] = 'Temp path.';
- $slist[2]['path'] = '/tmp';
- return $slist;
+/*
+* ==============================================================================
+* Status, widgets
+* ==============================================================================
+*/
+function havp_get_scan_log() {
+ $s = '';
+ $clamscanlog = "/var/log/clamscan.log";
+ if (file_exists($clamscanlog)) {
+ $s = file_get_contents("/var/log/clamscan.log");
+ }
+ if (empty($s)) {
+ $s = "Not found.";
+ }
+ return $s;
}
-function havp_get_av_viruslog()
-{
- $s = array();
- if (file_exists(HVDEF_HAVP_ACCESSLOG)) {
- $log = file_get_contents(HVDEF_HAVP_ACCESSLOG);
-
- $log = explode("\n", $log);
- $count = 0;
- foreach($log as $ln) {
- if (substr_count(strtolower($ln), "virus clam"))
- $s[] = $ln;
- }
- }
-
- return $s;
+function havp_get_filescanlist() {
+ $slist = array();
+ $slist[0]['descr'] = 'Squid cache path (scan you Squid cache now).';
+ $slist[0]['path'] = '/var/squid';
+ $slist[1]['descr'] = 'Common DB path.';
+ $slist[1]['path'] = '/var/db';
+ $slist[2]['descr'] = 'Temp path.';
+ $slist[2]['path'] = '/tmp';
+ return $slist;
}
-function havp_get_av_statistic()
-{
- $s = "Unknown.";
- if (file_exists(HVDEF_HAVP_ACCESSLOG)) {
- $log = file_get_contents(HVDEF_HAVP_ACCESSLOG);
-
- $count = substr_count(strtolower($log), "virus clam");
- $s = "Found $count viruses (total).";
- }
-
- return $s;
+function havp_get_av_viruslog() {
+ $s = array();
+ if (file_exists(HVDEF_HAVP_ACCESSLOG)) {
+ $log = file_get_contents(HVDEF_HAVP_ACCESSLOG);
+ $log = explode("\n", $log);
+ $count = 0;
+ foreach($log as $ln) {
+ if (substr_count(strtolower($ln), "virus clam")) {
+ $s[] = $ln;
+ }
+ }
+ }
+ return $s;
}
-# ------------------------------------------------------------------------------
-# Fix
-# ------------------------------------------------------------------------------
-function havp_fix()
-{
- # remove old named scripts
- # now must exists 'havp.sh'/'clamd'
- mwexec(HVDEF_SCRIPT_DIR . "/havp");
- mwexec(HVDEF_SCRIPT_DIR . "/clamd.sh");
+function havp_get_av_statistic() {
+ $s = "Unknown.";
+ if (file_exists(HVDEF_HAVP_ACCESSLOG)) {
+ $log = file_get_contents(HVDEF_HAVP_ACCESSLOG);
+ $count = substr_count(strtolower($log), "virus clam");
+ $s = "Found $count viruses (total).";
+ }
+ return $s;
}
?>
diff --git a/config/havp/havp.xml b/config/havp/havp.xml
index f5afc2fe..cc11b7a6 100644
--- a/config/havp/havp.xml
+++ b/config/havp/havp.xml
@@ -1,324 +1,387 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <name>havp</name>
- <title>Antivirus: HTTP proxy (havp + clamav)</title>
- <category>Status</category>
- <version>1.02</version>
- <include_file>/usr/local/pkg/havp.inc</include_file>
- <menu>
- <name>Antivirus</name>
- <tooltiptext>Antivirus service</tooltiptext>
- <section>Services</section>
- <url>/antivirus.php</url>
- </menu>
- <service>
+ <copyright>
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
+/*
+ havp.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009-2010 Sergey Dvoriancev <dv_serg@mail.ru>
+ Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
+ <name>havp</name>
+ <title>Antivirus: HTTP proxy (HAVP + ClamAV)</title>
+ <category>Status</category>
+ <version>1.10.0</version>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
+ <menu>
+ <name>Antivirus</name>
+ <tooltiptext>Antivirus service</tooltiptext>
+ <section>Services</section>
+ <url>/antivirus.php</url>
+ </menu>
+ <service>
<name>havp</name>
<rcfile>havp.sh</rcfile>
<executable>havp</executable>
- <description>Antivirus HTTP proxy Service</description>
- </service>
- <additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/havp/havp.inc</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <!--additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/havp/havp_fscan.xml</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed-->
- <additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/havp/havp_avset.xml</item>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <additional_files_needed>
- <item>https://packages.pfsense.org/packages/config/havp/antivirus.php</item>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- </additional_files_needed>
- <tabs>
- <tab>
- <text>General page</text>
- <url>/antivirus.php</url>
- </tab>
- <tab>
- <text>HTTP proxy</text>
- <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
- <active/>
- </tab>
- <!--tab>
- <text>Files Scanner</text>
- <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
- </tab-->
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>HAVP Log</text>
- <url>/havp_log.php</url>
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>Enable</fielddescr>
- <fieldname>enable</fieldname>
- <description>Check this for enable proxy.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>ClamAV mode</fielddescr>
- <fieldname>useclamd</fieldname>
- <description>
- Select ClamAV running mode:&lt;br&gt;
- &lt;b&gt;Daemon&lt;/b&gt; - HAVP will use ClamAV as socket scanner daemon. Default option.&lt;br&gt;
- &lt;b&gt;Library&lt;/b&gt; - HAVP will use ClamAV as loaded library scanner. Note: this mode needs much more memory.&lt;br&gt;
- </description>
- <type>select</type>
- <default_value>true</default_value>
- <options>
- <option><value>true</value><name>Daemon</name></option>
- <option><value>false</value><name>Library</name></option>
- </options>
- </field>
- <field>
- <fielddescr>Proxy mode</fielddescr>
- <fieldname>proxymode</fieldname>
- <description>
- Select interface mode: &lt;br&gt;
- &lt;b&gt; standard &lt;/b&gt; - client(s) bind to the 'proxy port' on selected interface(s); &lt;br&gt;
- &lt;b&gt; parent for squid &lt;/b&gt; - configure HAVP as parent for Squid proxy;&lt;br&gt;
- &lt;b&gt; transparent &lt;/b&gt; - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary (works as parent for squid with transparent Squid proxy); &lt;br&gt;
- &lt;b&gt; internal &lt;/b&gt; - HAVP will listen on the loopback (127.0.0.1) on configured 'proxy port.' Use you own traffic forwarding rules.&lt;br&gt;
+ <description>Antivirus HTTP Proxy Service</description>
+ </service>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/havp/havp.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ </additional_files_needed>
+ <!--
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/havp/havp_fscan.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ </additional_files_needed>
+ -->
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/havp/havp_avset.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/havp/antivirus.php</item>
+ <prefix>/usr/local/www/</prefix>
+ </additional_files_needed>
+ <tabs>
+ <tab>
+ <text>General Page</text>
+ <url>/antivirus.php</url>
+ </tab>
+ <tab>
+ <text>HTTP Proxy</text>
+ <url>/pkg_edit.php?xml=havp.xml</url>
+ <active/>
+ </tab>
+ <!--
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml</url>
+ </tab>
+ -->
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml</url>
+ </tab>
+ <tab>
+ <text>HAVP Log</text>
+ <url>/havp_log.php?logtab=havp</url>
+ </tab>
+ <tab>
+ <text>Clamd Log</text>
+ <url>/havp_log.php?logtab=clamd</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Enable</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable AV proxy.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>ClamAV Mode</fielddescr>
+ <fieldname>useclamd</fieldname>
+ <description>
+ <![CDATA[
+ Select ClamAV running mode:<br />
+ <strong>Daemon</strong> - HAVP will use ClamAV as socket scanner daemon. (Default option.)<br />
+ <strong>Library</strong> - HAVP will use ClamAV as loaded library scanner. Note: this mode needs <strong>much more</strong> memory.<br />
+ ]]>
</description>
- <type>select</type>
- <default_value>standard</default_value>
- <options>
- <option><value>standard</value><name>Standard</name></option>
- <option><value>squid</value><name>Parent for Squid</name></option>
- <option><value>transparent</value><name>Transparent</name></option>
- <option><value>internal</value><name>Internal</name></option>
- </options>
- </field>
- <field>
- <fielddescr>Proxy interface(s)</fielddescr>
- <fieldname>proxyinterface</fieldname>
- <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + L. Click for multiple selection.</description>
- <type>interfaces_selection</type>
- <required/>
- <multiple/>
- <default_value>lan</default_value>
- </field>
- <field>
- <fielddescr>Proxy port</fielddescr>
- <fieldname>proxyport</fieldname>
- <description>
- This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy.
- </description>
- <type>input</type>
- <size>10</size>
- <required/>
- <default_value>3125</default_value>
- </field>
- <field>
- <fielddescr>Parent proxy</fielddescr>
- <fieldname>parentproxy</fieldname>
- <description>
- Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty.
- </description>
- <type>input</type>
- <size>90</size>
- </field>
- <field>
- <fielddescr>Enable X-Forwarded-For</fielddescr>
- <fieldname>enablexforwardedfor</fieldname>
- <description>
- If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.
- &lt;br&gt;Enable this if you use your own parent proxy after HAVP, so it will see the original client IP.
- &lt;br&gt;Disabling this also disables Via: header generation.
- </description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Enable Forwarded IP</fielddescr>
- <fieldname>enableforwardedip</fieldname>
- <description>
- If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP.
- </description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Language</fielddescr>
- <fieldname>lang</fieldname>
- <description>Select the language in which the proxy server will display error messages to users.</description>
- <type>select</type>
- <value>en</value>
- <options>
- <option><value>br</value><name>Brazil</name></option>
- <option><value>de</value><name>Germany</name></option>
- <option><value>en</value><name>English</name></option>
- <option><value>es</value><name>Spain</name></option>
- <option><value>fr</value><name>French</name></option>
- <option><value>it</value><name>Italian</name></option>
- <option><value>nf</value><name>Norfolk Island</name></option>
- <option><value>pl</value><name>Poland</name></option>
- <option><value>ru</value><name>Russian</name></option>
- </options>
- </field>
- <field>
- <fielddescr>Max download size, Bytes</fielddescr>
- <fieldname>maxdownloadsize</fieldname>
- <description>Enter value (in Bytes) or leave empty. Downloads larger than 'Max download size' will be blocked if not whitelisted.</description>
- <type>input</type>
- <size>10</size>
- <default_value></default_value>
- </field>
- <field>
- <fielddescr>HTTP Range requests</fielddescr>
- <fieldname>range</fieldname>
- <description>
- Set this for allow HTTP Range requests, and broken downloads can be resumed.
- Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
- Whitelisted sites are allowed to use Range in any case.
- </description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Whitelist</fielddescr>
- <fieldname>whitelist</fieldname>
- <description>
- Enter each destination URL on a new line that will be accessable to the users without scanning.
- Use '*' symbol for mask. Example: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc
- </description>
- <type>textarea</type>
- <cols>60</cols>
- <rows>5</rows>
- <encoding>base64</encoding>
- </field>
- <field>
- <fielddescr>Blacklist</fielddescr>
- <fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.</description>
- <type>textarea</type>
- <cols>60</cols>
- <rows>5</rows>
- <encoding>base64</encoding>
- </field>
- <field>
- <fielddescr>Block file if error scanning</fielddescr>
- <fieldname>failscanerror</fieldname>
- <description>If set, the proxy will block the files on which an error scanning.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Enable RAM Disk</fielddescr>
- <fieldname>enableramdisk</fieldname>
- <description>
- This option allow use RAM disk for HAVP temp files for more quick traffic scan.
- RAM disk size depends on 'ScanMax' file size and available memory.
- This option can be ignored on systems with low memory.
- ( RAM disk size calculated as [1/4 available system memory] > [Scan max file size] * 100 )
- </description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Scan max file size</fielddescr>
- <fieldname>scanmaxsize</fieldname>
- <description>
- Select this value for limit maximum file size or leave '---(5M)'.
- Files larger than this limit won't be scanned.
- Small values increace scan speed and maximum new connections per second and allow RAM disk use.
- &lt;br&gt;
- NOTE: Setting limit is a security risk, because some archives like
- ZIP need all the data to be scanned properly! Use this only if you
- can't afford temporary space for big files.
- </description>
- <type>select</type>
- <value>0</value>
- <options>
- <option><value> 5000</value><name>--- (5M)</name></option>
- <option><value> 1</value><name> 1 K</name></option>
- <option><value> 2</value><name> 2 K</name></option>
- <option><value> 3</value><name> 3 K</name></option>
- <option><value> 5</value><name> 5 K</name></option>
- <option><value> 7</value><name> 7 K</name></option>
- <option><value> 10</value><name> 10 K</name></option>
- <option><value> 20</value><name> 20 K</name></option>
- <option><value> 30</value><name> 30 K</name></option>
- <option><value> 50</value><name> 50 K</name></option>
- <option><value> 70</value><name> 70 K</name></option>
- <option><value> 100</value><name> 100 K</name></option>
- <option><value> 200</value><name> 200 K</name></option>
- <option><value> 300</value><name> 300 K</name></option>
- <option><value> 500</value><name> 500 K</name></option>
- <option><value> 700</value><name> 700 K</name></option>
- <option><value> 1000</value><name> 1000 K</name></option>
- <option><value> 1500</value><name> 1500 K</name></option>
- <option><value> 2000</value><name> 2000 K</name></option>
- <option><value> 2500</value><name> 2500 K</name></option>
- <option><value> 3000</value><name> 3000 K</name></option>
- <option><value> 3500</value><name> 3500 K</name></option>
- <option><value> 4000</value><name> 4000 K</name></option>
- <option><value> 4500</value><name> 4500 K</name></option>
- <option><value> 5000</value><name> 5000 K</name></option>
- <option><value> 5500</value><name> 5500 K</name></option>
- <option><value> 6000</value><name> 6000 K</name></option>
- <option><value> 7000</value><name> 7000 K</name></option>
- <option><value> 8000</value><name> 8000 K</name></option>
- <option><value> 9000</value><name> 9000 K</name></option>
- <option><value>10000</value><name>10 000 K</name></option>
- </options>
- </field>
- <field>
- <fielddescr>Scan images</fielddescr>
- <fieldname>scanimg</fieldname>
- <description>
- Check this for scan image files.
- This option allows you to increase reliability, but also slows down the scanning process.
- </description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Scan media stream</fielddescr>
- <fieldname>scanstream</fieldname>
- <description>Check this for scan media (audio/video) stream. Use this for additional scan exploits for players.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Scan Broken Executables</fielddescr>
- <fieldname>scanbrokenexe</fieldname>
- <description>Check this to enable the Heuristic Broken Executable scan.</description>
- <type>checkbox</type>
- <default_value>on</default_value>
- </field>
- <field>
- <fielddescr>HAVP Log</fielddescr>
- <fieldname>log</fieldname>
- <description>Check this for enable HAVP log.</description>
- <type>checkbox</type>
- <enablefields>syslog</enablefields>
- </field>
- <field>
- <fielddescr>HAVP Syslog</fielddescr>
- <fieldname>syslog</fieldname>
- <description>Check this for enable HAVP Syslog.</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_command_before_form>
- havp_before_form($pkg);
- </custom_php_command_before_form>
- <custom_php_validation_command>
- havp_validate_settings($_POST, $input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- havp_resync();
- </custom_php_resync_config_command>
- <custom_php_install_command>
+ <type>select</type>
+ <default_value>true</default_value>
+ <options>
+ <option><value>true</value><name>Daemon</name></option>
+ <option><value>false</value><name>Library</name></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Proxy Mode</fielddescr>
+ <fieldname>proxymode</fieldname>
+ <description>
+ <![CDATA[
+ Select proxy interface mode:<br />
+ <strong>Standard</strong> - clients bind to the 'proxy port' on selected interface(s)<br />
+ <strong>Parent for Squid</strong> - configure HAVP as parent for Squid proxy<br />
+ <strong>Transparent</strong> - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary. (Works as parent for Squid with transparent Squid proxy.)<br />
+ <strong>Internal</strong> - HAVP will listen on the loopback (127.0.0.1) on configured 'Proxy Port.' Use your own firewall forwarding rules.<br />
+ ]]>
+ </description>
+ <type>select</type>
+ <default_value>standard</default_value>
+ <options>
+ <option><value>standard</value><name>Standard</name></option>
+ <option><value>squid</value><name>Parent for Squid</name></option>
+ <option><value>transparent</value><name>Transparent</name></option>
+ <option><value>internal</value><name>Internal</name></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Proxy Interface(s)</fielddescr>
+ <fieldname>proxyinterface</fieldname>
+ <description>The interface(s) for client connections to the proxy. Use 'Ctrl' + left click for multiple selection.</description>
+ <type>interfaces_selection</type>
+ <required/>
+ <multiple/>
+ <default_value>lan</default_value>
+ </field>
+ <field>
+ <fielddescr>Proxy Port</fielddescr>
+ <fieldname>proxyport</fieldname>
+ <description>
+ <![CDATA[
+ This is the port that HAVP proxy server will listen on. (Example: 8080)<br />
+ <strong>Note: This port must be different from Squid proxy.</strong>
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
+ <required/>
+ <default_value>3125</default_value>
+ </field>
+ <field>
+ <fielddescr>Parent Proxy</fielddescr>
+ <fieldname>parentproxy</fieldname>
+ <description>Enter the parent (upstream) proxy settings in PROXY:PORT format or leave empty.</description>
+ <type>input</type>
+ <size>90</size>
+ </field>
+ <field>
+ <fielddescr>Enable X-Forwarded-For</fielddescr>
+ <fieldname>enablexforwardedfor</fieldname>
+ <description>
+ <![CDATA[
+ If client sends this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.<br />
+ Enable this if you use your own parent proxy after HAVP, so it will see the original client's IP.<br />
+ Note: Disabling this also disables <em>Via:</em> header generation.<br />
+ ]]>
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Enable Forwarded IP</fielddescr>
+ <fieldname>enableforwardedip</fieldname>
+ <description>If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Language</fielddescr>
+ <fieldname>lang</fieldname>
+ <description>Select the language in which the HAVP proxy server will display error messages to users.</description>
+ <type>select</type>
+ <value>en</value>
+ <options>
+ <option><value>br</value><name>Brazilian Portuguese</name></option>
+ <option><value>de</value><name>German</name></option>
+ <option><value>en</value><name>English</name></option>
+ <option><value>es</value><name>Spanish</name></option>
+ <option><value>fr</value><name>French</name></option>
+ <option><value>it</value><name>Italian</name></option>
+ <option><value>nl</value><name>Dutch</name></option>
+ <option><value>pf</value><name>Norf'k</name></option>
+ <option><value>pl</value><name>Polish</name></option>
+ <option><value>ru</value><name>Russian</name></option>
+ <option><value>sv</value><name>Swedish</name></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Max Download Size</fielddescr>
+ <fieldname>maxdownloadsize</fieldname>
+ <description>
+ <![CDATA[
+ Enter value <strong>(in bytes)</strong> or leave empty. Downloads larger than 'Max Download Size' will be blocked if not whitelisted.
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
+ <default_value></default_value>
+ </field>
+ <field>
+ <fielddescr>HTTP Range Requests</fielddescr>
+ <fieldname>range</fieldname>
+ <description>
+ <![CDATA[
+ Set this to allow HTTP Range requests, so that broken downloads can be resumed.<br />
+ Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.<br />
+ Note: Whitelisted sites are allowed to use HTTP Range in any case, regardless of this setting.
+ ]]>
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Whitelist</fielddescr>
+ <fieldname>whitelist</fieldname>
+ <description>
+ <![CDATA[
+ Enter each destination URL on a <strong>separate line</strong>. The URLs will be accessible to users without AV scanning.<br />
+ Use '*' symbol as wildcard mask. URL examples: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc
+ ]]>
+ </description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>5</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>Blacklist</fielddescr>
+ <fieldname>blacklist</fieldname>
+ <description>
+ <![CDATA[
+ Enter each destination URL on a <strong>separate line</strong>, using the same syntax as 'Whitelist'.<br />
+ <strong>Access to these URLs will be blocked for HAVP proxy users.</strong>
+ ]]>
+ </description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>5</rows>
+ <encoding>base64</encoding>
+ </field>
+ <field>
+ <fielddescr>Block File on Scanning Error</fielddescr>
+ <fieldname>failscanerror</fieldname>
+ <description>If enabled, the proxy will block the files if an error occurs while scanning.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Enable RAM Disk</fielddescr>
+ <fieldname>enableramdisk</fieldname>
+ <description>
+ <![CDATA[
+ This option allows to use RAM disk for HAVP temporary files for faster traffic scan.<br />
+ RAM disk size depends on 'Scan Max File Size' and available memory. <strong>This option should be ignored on systems with low memory.</strong><br />
+ Note: RAM disk size is calculated as [1/4 available system memory] > [Scan max file size] * 100 ).
+ ]]>
+ </description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Scan Max File Size</fielddescr>
+ <fieldname>scanmaxsize</fieldname>
+ <description>
+ <![CDATA[
+ Select the value to limit maximum scanned file size or leave at default (5 MB). Files larger than this limit will not be scanned.<br />
+ Small values increase scan speed and maximum new connections per second and allow RAM disk use.<br />
+ NOTE: Setting a low limit is a security risk, because some archives like ZIP need all the data to be scanned properly! Use this only if you
+ can't afford temporary space for large files.
+ ]]>
+ </description>
+ <type>select</type>
+ <value>0</value>
+ <options>
+ <option><value> 5000</value><name>--- (5M)</name></option>
+ <option><value> 1</value><name> 1 K</name></option>
+ <option><value> 2</value><name> 2 K</name></option>
+ <option><value> 3</value><name> 3 K</name></option>
+ <option><value> 5</value><name> 5 K</name></option>
+ <option><value> 7</value><name> 7 K</name></option>
+ <option><value> 10</value><name> 10 K</name></option>
+ <option><value> 20</value><name> 20 K</name></option>
+ <option><value> 30</value><name> 30 K</name></option>
+ <option><value> 50</value><name> 50 K</name></option>
+ <option><value> 70</value><name> 70 K</name></option>
+ <option><value> 100</value><name> 100 K</name></option>
+ <option><value> 200</value><name> 200 K</name></option>
+ <option><value> 300</value><name> 300 K</name></option>
+ <option><value> 500</value><name> 500 K</name></option>
+ <option><value> 700</value><name> 700 K</name></option>
+ <option><value> 1000</value><name> 1000 K</name></option>
+ <option><value> 1500</value><name> 1500 K</name></option>
+ <option><value> 2000</value><name> 2000 K</name></option>
+ <option><value> 2500</value><name> 2500 K</name></option>
+ <option><value> 3000</value><name> 3000 K</name></option>
+ <option><value> 3500</value><name> 3500 K</name></option>
+ <option><value> 4000</value><name> 4000 K</name></option>
+ <option><value> 4500</value><name> 4500 K</name></option>
+ <option><value> 5000</value><name> 5000 K</name></option>
+ <option><value> 5500</value><name> 5500 K</name></option>
+ <option><value> 6000</value><name> 6000 K</name></option>
+ <option><value> 7000</value><name> 7000 K</name></option>
+ <option><value> 8000</value><name> 8000 K</name></option>
+ <option><value> 9000</value><name> 9000 K</name></option>
+ <option><value>10000</value><name>10 000 K</name></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Scan Images</fielddescr>
+ <fieldname>scanimg</fieldname>
+ <description>Check this option to scan image files. This option allows you to increase reliability, but also slows down the scanning process.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Scan Media Streams</fielddescr>
+ <fieldname>scanstream</fieldname>
+ <description>Check this option to scan media (audio/video) streams.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Scan Broken Executables</fielddescr>
+ <fieldname>scanbrokenexe</fieldname>
+ <description>Check this to enable the Heuristic Broken Executable Scan.</description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
+ <fielddescr>HAVP Log</fielddescr>
+ <fieldname>log</fieldname>
+ <description>Check this to enable HAVP logging.</description>
+ <type>checkbox</type>
+ <enablefields>syslog</enablefields>
+ </field>
+ <field>
+ <fielddescr>HAVP Syslog</fielddescr>
+ <fieldname>syslog</fieldname>
+ <description>Check this to enable HAVP logging to syslog.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+ <custom_php_validation_command>
+ havp_validate_settings($_POST, $input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ havp_resync();
+ </custom_php_resync_config_command>
+ <custom_php_install_command>
havp_install();
- </custom_php_install_command>
- <custom_php_deinstall_command>
+ </custom_php_install_command>
+ <custom_php_deinstall_command>
havp_deinstall();
- </custom_php_deinstall_command>
+ </custom_php_deinstall_command>
+ <filter_rules_needed>
+ havp_generate_rules
+ </filter_rules_needed>
</packagegui>
diff --git a/config/havp/havp_avset.xml b/config/havp/havp_avset.xml
index 041c6f64..0f8ac5e6 100644
--- a/config/havp/havp_avset.xml
+++ b/config/havp/havp_avset.xml
@@ -1,111 +1,158 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <name>havpavset</name>
- <title>Antivirus: Settings</title>
- <category>Status</category>
- <version>none</version>
- <include_file>/usr/local/pkg/havp.inc</include_file>
- <tabs>
- <tab>
- <text>General page</text>
- <url>/antivirus.php</url>
- </tab>
- <tab>
- <text>HTTP Proxy</text>
- <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
- </tab>
- <!--tab>
- <text>Files Scanner</text>
- <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
- </tab-->
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
- <active/>
- </tab>
- <tab>
- <text>HAVP Log</text>
- <url>/havp_log.php</url>
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>AV base update</fielddescr>
- <fieldname>havpavupdate</fieldname>
- <description>
- &lt;input name='submit' type='submit' value='Update_AV'&gt;
- Press button for update AV database now.
- </description>
- <type>select</type>
- <value>hv_none</value>
- <options>
- <option><name>none </name><value>0</value></option>
- <option><name>every 1 hours</name><value>1</value></option>
- <option><name>every 2 hours</name><value>2</value></option>
- <option><name>every 3 hours</name><value>3</value></option>
- <option><name>every 4 hours</name><value>4</value></option>
- <option><name>every 6 hours</name><value>5</value></option>
- <option><name>every 8 hours</name><value>6</value></option>
- <option><name>every 12 hours</name><value>7</value></option>
- <option><name>every 24 hours</name><value>8</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Regional AV database update mirror</fielddescr>
- <fieldname>dbregion</fieldname>
- <description>Select regional database mirror.</description>
- <type>select</type>
- <value></value>
- <options>
- <option><value></value><name>-----</name></option>
- <option><value>au</value><name>Australia</name></option>
- <option><value>eu</value><name>Europe</name></option>
- <option><value>ca</value><name>Canada</name></option>
- <option><value>cn</value><name>China</name></option>
- <option><value>id</value><name>Indonesia</name></option>
- <option><value>jp</value><name>Japan</name></option>
- <option><value>kr</value><name>Korea</name></option>
- <option><value>ml</value><name>Malaysia</name></option>
- <option><value>ru</value><name>Russian</name></option>
- <option><value>sa</value><name>South africa</name></option>
- <option><value>tw</value><name>Taiwan</name></option>
- <option><value>uk</value><name>United Kingdom</name></option>
- <option><value>us</value><name>United States</name></option>
- </options>
- </field>
- <field>
- <fielddescr>Optional AV database update servers</fielddescr>
- <fieldname>avupdateserver</fieldname>
- <description>Enter here space separated AV update servers, or leave empty.</description>
- <type>textarea</type>
- <cols>60</cols>
- <rows>5</rows>
- </field>
- <field>
- <fielddescr>Log</fielddescr>
- <fieldname>avsetlog</fieldname>
- <description>Check this for enable log.</description>
- <type>checkbox</type>
- <enablefields>avsetsyslog</enablefields>
- </field>
- <field>
- <fielddescr>SysLog</fielddescr>
- <fieldname>avsetsyslog</fieldname>
- <description>Check this for enable SysLog.</description>
- <type>checkbox</type>
- </field>
- </fields>
- <custom_php_command_before_form>
- havp_before_form($pkg);
- </custom_php_command_before_form>
- <custom_php_validation_command>
+ <copyright>
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
+/*
+ havp_avset.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009-2010 Sergey Dvoriancev <dv_serg@mail.ru>
+ Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
+ <name>havpavset</name>
+ <title>Antivirus: Settings</title>
+ <category>Status</category>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
+ <tabs>
+ <tab>
+ <text>General Page</text>
+ <url>/antivirus.php</url>
+ </tab>
+ <tab>
+ <text>HTTP Proxy</text>
+ <url>/pkg_edit.php?xml=havp.xml</url>
+ </tab>
+ <!--
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml</url>
+ </tab>
+ -->
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>HAVP Log</text>
+ <url>/havp_log.php?logtab=havp</url>
+ </tab>
+ <tab>
+ <text>Clamd Log</text>
+ <url>/havp_log.php?logtab=clamd</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>ClamAV Database Update</fielddescr>
+ <fieldname>havpavupdate</fieldname>
+ <description>
+ <![CDATA[
+ <input name='submit' type='submit' value='Update_AV' />
+ Press button to update AV databases now.
+ ]]>
+ </description>
+ <type>select</type>
+ <value>hv_none</value>
+ <options>
+ <option><name>none </name><value>0</value></option>
+ <option><name>every 1 hours</name><value>1</value></option>
+ <option><name>every 2 hours</name><value>2</value></option>
+ <option><name>every 3 hours</name><value>3</value></option>
+ <option><name>every 4 hours</name><value>4</value></option>
+ <option><name>every 6 hours</name><value>5</value></option>
+ <option><name>every 8 hours</name><value>6</value></option>
+ <option><name>every 12 hours</name><value>7</value></option>
+ <option><name>every 24 hours</name><value>8</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Regional AV Database Update Mirror</fielddescr>
+ <fieldname>dbregion</fieldname>
+ <description>Select regional database mirror.</description>
+ <type>select</type>
+ <value></value>
+ <options>
+ <option><value></value><name>-----</name></option>
+ <option><value>au</value><name>Australia</name></option>
+ <option><value>eu</value><name>Europe</name></option>
+ <option><value>ca</value><name>Canada</name></option>
+ <option><value>cn</value><name>China</name></option>
+ <option><value>id</value><name>Indonesia</name></option>
+ <option><value>jp</value><name>Japan</name></option>
+ <option><value>kr</value><name>Korea</name></option>
+ <option><value>ml</value><name>Malaysia</name></option>
+ <option><value>ru</value><name>Russian</name></option>
+ <option><value>sa</value><name>South Africa</name></option>
+ <option><value>tw</value><name>Taiwan</name></option>
+ <option><value>uk</value><name>United Kingdom</name></option>
+ <option><value>us</value><name>United States</name></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Optional AV Database Update Servers</fielddescr>
+ <fieldname>avupdateserver</fieldname>
+ <description>
+ <![CDATA[
+ Enter space-separated ClamAV update servers here, or leave empty.<br />
+ Note: For official update mirrors, use db.XY.clamav.net format. (Replace XY with your <a href="http://www.iana.org/domains/root/db">country code</a>.)
+ ]]>
+ </description>
+ <type>textarea</type>
+ <cols>60</cols>
+ <rows>5</rows>
+ </field>
+ <field>
+ <fielddescr>Log</fielddescr>
+ <fieldname>avsetlog</fieldname>
+ <description>Check this to enable AV logging.</description>
+ <type>checkbox</type>
+ <enablefields>avsetsyslog</enablefields>
+ </field>
+ <field>
+ <fielddescr>SysLog</fielddescr>
+ <fieldname>avsetsyslog</fieldname>
+ <description>Check this to enable AV logging to syslog.</description>
+ <type>checkbox</type>
+ </field>
+ </fields>
+ <custom_php_validation_command>
havp_validate_settings($_POST, $input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
havp_avset_resync();
- </custom_php_resync_config_command>
- <custom_php_install_command>
- </custom_php_install_command>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
+ </custom_php_resync_config_command>
</packagegui>
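Review bot: The `havpavupdate` select still carries `<value>hv_none</value>`, which matches none of its option values (`0` to `8`), so the default presumably falls through to the first option, `none`, and a fresh install would not schedule ClamAV signature updates until someone changes it. Make the default an actual option value, for example `<value>8</value>` if daily updates are the intended baseline, or `<value>0</value>` if off-by-default is deliberate. Separately, this hunk drops `havp_before_form($pkg);` while keeping the `Update_AV` submit button in the description; that function is not visible here, so confirm the button is still handled somewhere.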
diff --git a/config/havp/havp_fscan.xml b/config/havp/havp_fscan.xml
index 91dce25c..1c6d6147 100644
--- a/config/havp/havp_fscan.xml
+++ b/config/havp/havp_fscan.xml
@@ -1,50 +1,90 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <name>havpfscan</name>
- <title>Antivirus: Files scanner</title>
- <category>Status</category>
- <version>none</version>
- <include_file>/usr/local/pkg/havp.inc</include_file>
- <tabs>
- <tab>
- <text>General page</text>
- <url>/antivirus.php</url>
- </tab>
- <tab>
- <text>HTTP Proxy</text>
- <url>/pkg_edit.php?xml=havp.xml&amp;id=0</url>
- </tab>
- <!--tab>
- <text>Files Scanner</text>
- <url>/pkg_edit.php?xml=havp_fscan.xml&amp;id=0</url>
- <active/>
- </tab-->
- <tab>
- <text>Settings</text>
- <url>/pkg_edit.php?xml=havp_avset.xml&amp;id=0</url>
- </tab>
- </tabs>
- <fields>
- <field>
- <fielddescr>Scan file path</fielddescr>
- <fieldname>scanfilepath</fieldname>
- <description>
- Enter file path or catalog for scanning. &lt;br&gt;
- </description>
- <type>input</type>
- <size>90</size>
- </field>
- </fields>
- <custom_php_command_before_form>
- havp_fscan_before_form($pkg);
- </custom_php_command_before_form>
- <custom_php_validation_command>
- havp_validate_settings($_POST, $input_errors);
- </custom_php_validation_command>
- <custom_php_resync_config_command>
- </custom_php_resync_config_command>
- <custom_php_install_command>
- </custom_php_install_command>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
-</packagegui> \ No newline at end of file
+ <copyright>
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
+/*
+ havp_fscan.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009-2010 Sergey Dvoriancev <dv_serg@mail.ru>
+ Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>.
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
+ <name>havpfscan</name>
+ <title>Antivirus: Files Scanner</title>
+ <category>Status</category>
+ <version>none</version>
+ <include_file>/usr/local/pkg/havp.inc</include_file>
+ <tabs>
+ <tab>
+ <text>General Page</text>
+ <url>/antivirus.php</url>
+ </tab>
+ <tab>
+ <text>HTTP Proxy</text>
+ <url>/pkg_edit.php?xml=havp.xml</url>
+ </tab>
+ <!--
+ <tab>
+ <text>Files Scanner</text>
+ <url>/pkg_edit.php?xml=havp_fscan.xml</url>
+ <active/>
+ </tab>
+ -->
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=havp_avset.xml</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <fielddescr>Scan File Path</fielddescr>
+ <fieldname>scanfilepath</fieldname>
+ <description>
+ <![CDATA[
+ Enter file path or catalog for scanning.<br />
+ ]]>
+ </description>
+ <type>input</type>
+ <size>90</size>
+ </field>
+ </fields>
+ <custom_php_command_before_form>
+ havp_fscan_before_form($pkg);
+ </custom_php_command_before_form>
+ <custom_php_validation_command>
+ havp_validate_settings($_POST, $input_errors);
+ </custom_php_validation_command>
+</packagegui>
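Review bot: `scanfilepath` is a free-form 90-character path field, and this page stays reachable at `pkg_edit.php?xml=havp_fscan.xml` even though its tab is commented out in the tab lists shown here. `havp_fscan_before_form()` and `havp_validate_settings()` live in havp.inc, outside this hunk, so it cannot be confirmed from here that the path is checked before use. If the value ever reaches a scanner command line, it should go through `escapeshellarg()` and be verified as an existing file or directory first. If the file scanner is not meant to ship, dropping the hooks from this XML would leave less exposed.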
diff --git a/config/havp/havp_log.php b/config/havp/havp_log.php
index f4a2dc2e..6011f137 100644
--- a/config/havp/havp_log.php
+++ b/config/havp/havp_log.php
@@ -1,10 +1,9 @@
<?php
-/* $Id$ */
/*
havp_log.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2014 Andrew Nikitin <andrey.b.nikitin@gmail.com>.
- Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>.
- Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>.
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,19 +27,21 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
+require_once("/usr/local/pkg/havp.inc");
-if (file_exists("/usr/local/pkg/havp.inc"))
- require_once("/usr/local/pkg/havp.inc");
-else echo "No havp.inc found";
-
-$nentries = $config['syslog']['nentries'];
-if (!$nentries)
- $nentries = 50;
+$nentries = $config['syslog']['nentries'] ?: "50";
+if ($_GET['logtab'] === 'havp') {
+ define('HAVP_CLAMDTAB', false);
+ define('HAVP_LOGFILE', HVDEF_HAVP_ERRORLOG);
+} else {
+ define('HAVP_CLAMDTAB', true);
+ define('HAVP_LOGFILE', HVDEF_CLAM_LOG);
+}
-if ($_POST['clear'])
- file_put_contents(HVDEF_HAVP_ERRORLOG, '');
+if ($_POST['clear']) {
+ file_put_contents(HAVP_LOGFILE, '');
+}
function dump_havp_errorlog($logfile, $tail) {
global $g, $config;
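Review bot: The `clear` branch truncates `HAVP_LOGFILE` with no record that it happened, and with the new `logtab` switch it now covers the clamd log as well as the HAVP error log. On a filtering proxy these files are the detection trail, so an entry in the system log when they are wiped is worth having, e.g. `log_error("Antivirus log " . HAVP_LOGFILE . " cleared from the GUI");` inside the `if`. Also, `$_GET['logtab']` is read without `isset()` (here and where `$pgtitle` is set in the next hunk), and a request with no `logtab` now lands on the clamd log rather than the HAVP log the page used to show. The strict comparison against `'havp'` does keep the file choice to the two constants.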
@@ -48,24 +49,34 @@ function dump_havp_errorlog($logfile, $tail) {
$logarr = "";
$grepline = " ";
if (is_dir($logfile)) {
- $logarr = array("File $logfile is a directory.");
- } elseif(file_exists($logfile) && filesize($logfile) == 0) {
- $logarr = array(" ... Log file is empty.");
+ $logarr = array("$logfile is a directory.");
+ } elseif (file_exists($logfile) && filesize($logfile) == 0) {
+ $logarr = array(" -> Log file is empty.");
} else {
- exec("cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr);
+ exec("/bin/cat " . escapeshellarg($logfile) . "{$grepline} | /usr/bin/tail {$sor} -n " . escapeshellarg($tail), $logarr);
}
foreach ($logarr as $logent) {
+ if (HAVP_CLAMDTAB) {
+ $logent = explode(" -> ", $logent);
+ $entry_date_time = htmlspecialchars($logent[0]);
+ $entry_text = htmlspecialchars($logent[1]);
+ } else {
$logent = preg_split("/\s+/", $logent, 3);
- echo "<tr valign=\"top\">\n";
$entry_date_time = htmlspecialchars($logent[0] . " " . $logent[1]);
$entry_text = htmlspecialchars($logent[2]);
- echo "<td class=\"listlr nowrap\" width=\"130\">{$entry_date_time}</td>\n";
- echo "<td class=\"listr\">{$entry_text}</td>\n";
- echo "</tr>\n";
+ }
+ echo "<tr valign=\"top\">\n";
+ echo "<td class=\"listlr\" nowrap=\"nowrap\" width=\"130\">{$entry_date_time}</td>\n";
+ echo "<td class=\"listr\">{$entry_text}</td>\n";
+ echo "</tr>\n";
}
}
-$pgtitle = "Antivirus: HAVP log";
+if ($_GET['logtab'] === 'havp') {
+ $pgtitle = "Antivirus: HAVP log";
+} else {
+ $pgtitle = "Antivirus: Clamd log";
+}
include("head.inc");
?>
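Review bot: In the clamd branch, `explode(" -> ", $logent)` has no limit, so a message that itself contains ` -> ` is cut at the second delimiter and the rest never reaches the table; a line with no delimiter at all (such as the `"$logfile is a directory."` placeholder) leaves `$logent[1]` undefined. Use `$logent = explode(" -> ", $logent, 2);` and `$entry_text = htmlspecialchars(isset($logent[1]) ? $logent[1] : "");`. The HAVP branch has the same undefined-index case for lines with fewer than three whitespace-separated fields. `dump_havp_errorlog()` begins in the previous hunk, so `$sor`, which is interpolated unescaped into the `exec()` string, is not visible here and should be confirmed to be a fixed value.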
@@ -73,33 +84,37 @@ include("head.inc");
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+<tr><td>
<?php
$tab_array = array();
- $tab_array[] = array(gettext("General page"), false, "antivirus.php");
- $tab_array[] = array(gettext("HTTP proxy"), false, "pkg_edit.php?xml=havp.xml&amp;id=0");
- $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml&amp;id=0");
- $tab_array[] = array(gettext("HAVP Log"), true, "havp_log.php");
+ $tab_array[] = array(gettext("General Page"), false, "antivirus.php");
+ $tab_array[] = array(gettext("HTTP Proxy"), false, "pkg_edit.php?xml=havp.xml");
+ $tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=havp_avset.xml");
+ $tab_array[] = array(gettext("HAVP Log"), !HAVP_CLAMDTAB, "havp_log.php?logtab=havp");
+ $tab_array[] = array(gettext("Clamd Log"), HAVP_CLAMDTAB, "havp_log.php?logtab=clamd");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
+</td></tr>
+<tr><td>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <tr>
+ <tr>
<td colspan="2" class="listtopic">
- <?php printf(gettext("Last %s HAVP log entries"), $nentries);?></td>
- </tr>
- <?php dump_havp_errorlog(HVDEF_HAVP_ERRORLOG, $nentries); ?>
- <tr><td><br/>
- <form action="havp_log.php" method="post">
- <input name="clear" type="submit" class="formbtn" value="<?=gettext("Clear log"); ?>" /></form></td></tr>
+ <?php printf(gettext("Last %s log entries"), $nentries);?></td>
+ </tr>
+ <?php dump_havp_errorlog(HAVP_LOGFILE, $nentries); ?>
+ <tr>
+ <td><br/>
+ <form action="havp_log.php?logtab=<?=(HAVP_CLAMDTAB ? 'clamd' : 'havp'); ?>" method="post">
+ <input name="clear" type="submit" class="formbtn" value="<?=gettext("Clear log"); ?>" />
+ </form>
+ </td>
+ </tr>
</table>
</div>
- </td>
- </tr>
+</td></tr>
</table>
+
<?php include("fend.inc"); ?>
</body>
</html>
diff --git a/config/iftop/iftop.xml b/config/iftop/iftop.xml
index 64afbc79..b9dfbe5b 100644
--- a/config/iftop/iftop.xml
+++ b/config/iftop/iftop.xml
@@ -3,23 +3,28 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
-/* ========================================================================== */
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013
+ iftop.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013-2015 ESF, LLC
All rights reserved.
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -31,14 +36,12 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
]]>
</copyright>
<description>iftop</description>
- <requirements>None</requirements>
- <faq></faq>
<name>iftop</name>
- <version>0.0</version>
+ <version>0.17</version>
<title>iftop</title>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/ipguard/ipguard.inc b/config/ipguard/ipguard.inc
index 1891b24b..68e08e9f 100644
--- a/config/ipguard/ipguard.inc
+++ b/config/ipguard/ipguard.inc
@@ -1,88 +1,85 @@
<?php
-
-/* ========================================================================== */
-/*
- ipguard.inc
- part of the ipguard package for pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- require_once("config.inc");
- require_once("util.inc");
-
-function ipguard_custom_php_deinstall_command(){
- global $g, $config;
-
- conf_mount_rw();
-
+ ipguard.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("config.inc");
+require_once("util.inc");
+
+function ipguard_custom_php_deinstall_command() {
stop_service('ipguard');
- $ipguard_sh_file = "/usr/local/etc/rc.d/ipguard.sh";
- if (is_file($ipguard_sh_file))
- chmod($ipguard_sh_file,0444);
-
- conf_mount_ro();
- }
+ unlink_if_exists("/usr/local/etc/rc.d/ipguard.sh");
+ $files = glob("/usr/local/etc/ipguard_*.conf");
+ unlink_if_exists($files);
+}
-function ipguard_custom_php_write_config(){
+function ipguard_custom_php_write_config() {
global $g, $config;
-
- # detect boot process
- if (is_array($_POST)){
- if (!preg_match("/\w+/",$_POST['__csrf_magic']))
+
+ /* Detect boot process and do nothing */
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
return;
}
+ } elseif ($g['booting']) {
+ return;
+ }
-
- if (is_array($config['installedpackages']['ipguard']['config'])){
+ if (is_array($config['installedpackages']['ipguard']['config'])) {
// Read config
$new_config=array();
- foreach ($config['installedpackages']['ipguard']['config'] as $ipguard){
- if ($ipguard['enable'] && $ipguard['interface'] && $ipguard['mac'] && $ipguard['ip']){
- $new_config[$ipguard['interface']].= "{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n";
+ foreach ($config['installedpackages']['ipguard']['config'] as $ipguard) {
+ if ($ipguard['enable'] && $ipguard['interface'] && $ipguard['mac'] && $ipguard['ip']) {
+ $new_config[$ipguard['interface']] .= "{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n";
}
}
}
- //Save /etc/ssh/ipguard_extra
- $script="/usr/local/etc/rc.d/ipguard.sh";
$start="";
$stop="pkill -anx ipguard";
conf_mount_rw();
- if (count ($new_config) > 0 && $ipguard['enable']){
- foreach ($new_config as $key => $value){
- $conf_file="/usr/local/etc/ipguard_{$key}.conf";
- file_put_contents($conf_file,$value,LOCK_EX);
- $config_file=file_put_contents($conf_file,$new_config[$key],LOCK_EX);
- $iface=convert_friendly_interface_to_real_interface_name($key);
- $start.="/usr/local/sbin/ipguard -l /var/log/ipguard_{$key}.log -p /var/run/ipguard_{$key}.pid -f {$conf_file} -u 300 -z {$iface}\n\t";
+ /* Create rc script and restart service if ipguard is enabled */
+ if (count($new_config) > 0 && $ipguard['enable']) {
+ foreach ($new_config as $key => $value) {
+ $conf_file = "/usr/local/etc/ipguard_{$key}.conf";
+ file_put_contents($conf_file, $value, LOCK_EX);
+ $config_file = file_put_contents($conf_file, $new_config[$key], LOCK_EX);
+ /* Hack around PBI stupidity; ipguard does not find its own conf files otherwise */
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == "2.2") {
+ $conf_file_link = "/usr/pbi/ipguard-" . php_uname("m") . "/local/etc/ipguard_{$key}.conf";
+ /* Better recreate this every time just in case users shuffle interfaces assignment somehow */
+ if (is_link($conf_file_link)) {
+ unlink($conf_file_link);
+ }
+ symlink($conf_file, $conf_file_link);
+ }
+ $iface = convert_friendly_interface_to_real_interface_name($key);
+ $start .= "/usr/local/sbin/ipguard -l /var/log/ipguard_{$key}.log -p /var/run/ipguard_{$key}.pid -f {$conf_file} -u 300 -z {$iface}\n\t";
}
write_rcfile(array(
'file' => 'ipguard.sh',
@@ -90,38 +87,36 @@ function ipguard_custom_php_write_config(){
'stop' => $stop
));
restart_service('ipguard');
-
- }
- else{
- #remove config files
+
+ } else {
+ /* Otherwise, stop the service and remove rc script */
stop_service('ipguard');
- $ipguard_sh_file = "/usr/local/etc/rc.d/ipguard.sh";
- if (is_file($ipguard_sh_file))
- chmod($ipguard_sh_file,0444);
+ unlink_if_exists("/usr/local/etc/rc.d/ipguard.sh");
+
}
- // Mount Read-only
conf_mount_ro();
-
- //sync config with other pfsense servers
+
+ /* Sync config with other pfSense servers */
ipguard_sync_on_changes();
- }
+}
/* Uses XMLRPC to synchronize the changes to a remote node */
function ipguard_sync_on_changes() {
global $config, $g;
-
+
if (is_array($config['installedpackages']['ipguardsync'])) {
- if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) {
- log_error("[ipguard] xmlrpc sync is starting.");
- foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ){
- foreach($rs['row'] as $sh){
+ if ($config['installedpackages']['ipguardsync']['config'][0]['synconchanges']) {
+ log_error("[ipguard] XMLRPC sync is starting.");
+ foreach ($config['installedpackages']['ipguardsync']['config'] as $rs ) {
+ foreach ($rs['row'] as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
- if($password && $sync_to_ip)
+ if ($password && $sync_to_ip) {
ipguard_do_xmlrpc_sync($sync_to_ip, $password);
+ }
}
}
- log_error("[ipguard] xmlrpc sync is ending.");
+ log_error("[ipguard] XMLRPC sync is ending.");
}
}
}
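Review bot: `foreach ($rs['row'] as $sh)` in `ipguard_sync_on_changes()` runs without checking that `$rs['row']` is an array, so a sync section saved with `synconchanges` set but no target rows raises a PHP warning on every config write. Guarding it as `if (is_array($rs['row'])) { foreach ($rs['row'] as $sh) { ... } }` avoids that. The `else` branch above also removes only the rc script, whereas the deinstall function also deletes `/usr/local/etc/ipguard_*.conf`; if stale per-interface files are unwanted once the service is disabled, the same glob could be reused here. The start of `ipguard_custom_php_write_config()` lies outside this hunk.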
@@ -130,53 +125,57 @@ function ipguard_sync_on_changes() {
function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
global $config, $g;
- if(!$password)
+ if (!$password) {
return;
+ }
- if(!$sync_to_ip)
+ if (!$sync_to_ip) {
return;
+ }
- $username='admin';
+ $username = 'admin';
$xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
+ if ($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
+ }
+ $port = $config['system']['webgui']['port'];
+ /* If port is empty, let's rely on the protocol selection */
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http") {
$port = "80";
- else
+ } else {
$port = "443";
- }
+ }
+ }
$synchronizetoip .= $sync_to_ip;
/* xml will hold the sections to sync */
$xml = array();
$xml['ipguard'] = $config['installedpackages']['ipguard'];
- /* assemble xmlrpc payload */
+ /* Assemble XMLRPC payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($xml)
);
- /* set a few variables needed for sync code borrowed from filter.inc */
+ /* Set a few variables needed for sync code; borrowed from filter.inc */
$url = $synchronizetoip;
log_error("Beginning ipguard XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- if($g['debug'])
+ if ($g['debug']) {
$cli->setDebug(1);
+ }
/* send our XMLRPC message and timeout after 250 seconds */
$resp = $cli->send($msg, "250");
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, "250");
$error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
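Review bot: The sync URL is built from the local `$config['system']['webgui']['protocol']`, so when that is `http` the peer's password travels unencrypted, both in `setCredentials($username, $password)` and as the first XMLRPC parameter; the reformatting here leaves that untouched. I would at least warn before sending, e.g. `if ($config['system']['webgui']['protocol'] != "https") { log_error("[ipguard] XMLRPC sync over plain HTTP exposes the sync password."); }`, or refuse to sync in that case. `$synchronizetoip` is also assigned only inside the protocol check, so with an empty protocol the later `.=` appends to an undefined variable and the URL has no scheme; adding `$synchronizetoip = "";` before the `if` fixes the first part. The function body continues past the end of this hunk.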
@@ -185,27 +184,27 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
} else {
log_error("ipguard XMLRPC sync successfully completed with {$url}:{$port}.");
}
-
+
/* tell ipguard to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n";
+ $execcmd = "require_once('/usr/local/pkg/ipguard.inc');\n";
$execcmd .= "ipguard_custom_php_write_config();";
/* assemble xmlrpc payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
-
+
log_error("ipguard XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, "250");
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting ipguard XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "ipguard Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, "250");
$error = "An error code was received while attempting ipguard XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
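Review bot: In the fault branch for `pfsense.exec_php`, `$cli->setDebug(1);` is followed by a second `$resp = $cli->send($msg, "250");`, which asks the peer to run `ipguard_custom_php_write_config()` a second time just to collect debug output; the merge call in the previous hunk has the same retry in its fault branch. Debug mode on this client presumably dumps the full request, whose first parameter is the sync password, so the retry may also expose the credential in the output; this should be confirmed against the XML_RPC library. I would delete those two lines in both branches and report `faultCode()`/`faultString()` from the first response. The branches at the top and bottom of this hunk belong to blocks that begin or end outside it.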
@@ -215,4 +214,5 @@ function ipguard_do_xmlrpc_sync($sync_to_ip, $password) {
log_error("ipguard XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
- ?> \ No newline at end of file
+
+?>
diff --git a/config/ipguard/ipguard.xml b/config/ipguard/ipguard.xml
index 74b58f86..2b13e7e0 100644
--- a/config/ipguard/ipguard.xml
+++ b/config/ipguard/ipguard.xml
@@ -1,55 +1,55 @@
<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
-<copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- ipguard.xml
- part of the ipguard package for pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ ipguard.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>ipguard</name>
- <version>1.0</version>
- <title>Ipguard</title>
- <description>Ipguard macs/ip</description>
+ <version>0.1.1</version>
+ <title>Firewall: IPguard</title>
+ <description>IPguard MACs/IP</description>
<savetext>Save</savetext>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<menu>
- <name>Ipguard</name>
- <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing</tooltiptext>
+ <name>IPguard</name>
+ <tooltiptext>Tool designed to protect LAN IP address space by ARP spoofing.</tooltiptext>
<section>Firewall</section>
<url>/pkg.php?xml=ipguard.xml</url>
</menu>
@@ -57,17 +57,15 @@
<name>ipguard</name>
<rcfile>ipguard.sh</rcfile>
<executable>ipguard</executable>
- <description>Tool designed to protect LAN IP address space by ARP spoofing.</description>
+ <description>IPguard ARP Spoofing Daemon</description>
</service>
<configpath>installedpackages->package->ipguard</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>755</chmod>
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>755</chmod>
<item>https://packages.pfsense.org/packages/config/ipguard/ipguard_sync.xml</item>
</additional_files_needed>
<tabs>
@@ -92,11 +90,11 @@
<fieldname>interface</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Mac Address</fielddescr>
+ <fielddescr>MAC Address</fielddescr>
<fieldname>mac</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Ip Address(es)</fielddescr>
+ <fielddescr>IP Address(es)</fielddescr>
<fieldname>ip</fieldname>
</columnitem>
<columnitem>
@@ -104,43 +102,53 @@
<fieldname>description</fieldname>
</columnitem>
<movable>on</movable>
- <description><![CDATA[If firewall receives traffic with MAC/IP pair not listed here, it will send ARP reply with configured fake address.<br>This will prevent not permitted host from working properly in the specified ethernet segment.]]></description>
+ <description>
+ <![CDATA[
+ If firewall receives traffic with MAC/IP pair not listed here, it will send ARP reply with configured fake address.<br />
+ This will prevent not permitted host from working properly in the specified ethernet segment.
+ ]]>
+ </description>
</adddeleteeditpagefields>
<fields>
<field>
<type>listtopic</type>
- <name>Ipguard Options</name>
+ <name>IPguard Options</name>
<fieldname>temp</fieldname>
</field>
<field>
- <fielddescr>sortable</fielddescr>
- <fieldname>sortable</fieldname>
- <display_maximum_rows>20</display_maximum_rows>
- <type>sorting</type>
- <include_filtering_inputbox/>
- <sortablefields>
- <item>
- <name>Mac Address</name>
- <fieldname>mac</fieldname>
- <regex>/%FILTERTEXT%/i</regex>
- </item>
- <item>
- <name>Ip Address</name>
- <fieldname>ip</fieldname>
- <regex>/%FILTERTEXT%/i</regex>
- </item>
- </sortablefields>
+ <fielddescr>sortable</fielddescr>
+ <fieldname>sortable</fieldname>
+ <display_maximum_rows>20</display_maximum_rows>
+ <type>sorting</type>
+ <include_filtering_inputbox/>
+ <sortablefields>
+ <item>
+ <name>MAC Address</name>
+ <fieldname>mac</fieldname>
+ <regex>/%FILTERTEXT%/i</regex>
+ </item>
+ <item>
+ <name>IP Address</name>
+ <fieldname>ip</fieldname>
+ <regex>/%FILTERTEXT%/i</regex>
+ </item>
+ </sortablefields>
</field>
<field>
- <fielddescr>Enable</fielddescr>
+ <fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
<type>checkbox</type>
- <description><![CDATA[Enable this mac rule.<br><strong>Important Note:</strong> Always create rules for pfsense mac and ip address to avoid denying access to pfsense gui.]]></description>
+ <description>
+ <![CDATA[
+ Enable this MAC rule.<br />
+ <strong>Important Note:</strong> Always create rules for pfSense MAC and IP address to avoid denying access to pfFense GUI!
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Interface</fielddescr>
<fieldname>interface</fieldname>
- <description>The interface on which ipguard server will check this mac</description>
+ <description>The interface on which IPguard server will check this MAC.</description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
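Review bot: The new Enable description reads `access to pfFense GUI!`; the product name is misspelled and should be `access to pfSense GUI!`. This is user-facing help text on the rule edit page, and it is the warning telling administrators to add a rule for the firewall's own MAC and IP so they do not lock themselves out, so it is worth getting right.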
@@ -148,39 +156,44 @@
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description>Describe this mac rule.</description>
+ <description>Describe this MAC rule.</description>
<type>input</type>
<size>50</size>
<required/>
</field>
<field>
- <fielddescr>Mac address</fielddescr>
+ <fielddescr>MAC Address</fielddescr>
<fieldname>mac</fieldname>
- <description><![CDATA[Insert mac address you want to filter.<br>
- <strong>To include a permit rule, use mac=00:00:00:00:00:00</strong>]]></description>
+ <description>
+ <![CDATA[
+ Insert MAC address you want to filter.<br />
+ <strong>To include a permit rule, use MAC 00:00:00:00:00:00</strong>
+ ]]>
+ </description>
<type>input</type>
<size>25</size>
<required/>
</field>
<field>
- <fielddescr>Ip address</fielddescr>
+ <fielddescr>IP Address</fielddescr>
<fieldname>ip</fieldname>
- <description><![CDATA[Insert ip address, hostname or network cidr you want to apply on this ipguard rule.<br>
- <strong>To include a permit rule, use your lan cidr or 0.0.0.0</strong>]]></description>
+ <description>
+ <![CDATA[
+ Insert IP address, hostname or network CIDR you want to apply on this IPguard rule.<br>
+ <strong>To include a permit rule, use your LAN CIDR or 0.0.0.0</strong>
+ ]]>
+ </description>
<type>input</type>
<size>40</size>
<required/>
</field>
</fields>
-
<custom_delete_php_command>
ipguard_custom_php_write_config();
</custom_delete_php_command>
<custom_add_php_command>
ipguard_custom_php_write_config();
</custom_add_php_command>
- <custom_php_install_command>
- </custom_php_install_command>
<custom_php_deinstall_command>
ipguard_custom_php_deinstall_command();
</custom_php_deinstall_command>
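Review bot: The `mac`, `ip` and `description` fields are plain `input` types and nothing in this hunk validates them, yet `ipguard_custom_php_write_config()` writes them as `"{$ipguard['mac']} {$ipguard['ip']} {$ipguard['description']}\n"` into the per-interface ipguard conf file. A submitted value containing a line break would add extra MAC/IP lines to that file, so the rules on disk could differ from what the GUI lists. Unless a validation hook exists in the part of the file not shown here, I would add a `custom_php_validation_command` that checks the MAC with `is_macaddr()`, the address with `is_ipaddr()`/`is_subnet()`/`is_hostname()`, and rejects control characters in the description. The `<br>` in the IP description was also left as is while the other descriptions were changed to `<br />`.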
@@ -190,5 +203,4 @@
<custom_php_command_before_form>
unset($_POST['temp']);
</custom_php_command_before_form>
-
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/ipguard/ipguard_sync.xml b/config/ipguard/ipguard_sync.xml
index 0b5ffecb..609dd6ca 100755
--- a/config/ipguard/ipguard_sync.xml
+++ b/config/ipguard/ipguard_sync.xml
@@ -1,49 +1,49 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- ipguard_sync.xml
- part of the ipguard package for pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
+ ipguard_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>ipguardsync</name>
- <version>1.0</version>
- <title>Ipguard - Sync</title>
+ <version>0.1.1</version>
+ <title>IPguard - Sync</title>
<include_file>/usr/local/pkg/ipguard.inc</include_file>
<tabs>
<tab>
@@ -89,8 +89,6 @@
</rowhelper>
</field>
</fields>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
ipguard_custom_php_write_config();
</custom_php_resync_config_command>
diff --git a/config/ipmitool/ipmitool.xml b/config/ipmitool/ipmitool.xml
index a42baa36..cb6bf385 100644
--- a/config/ipmitool/ipmitool.xml
+++ b/config/ipmitool/ipmitool.xml
@@ -3,23 +3,28 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
-/* ========================================================================== */
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013
+ ipmitool.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013-2015 ESF, LLC
All rights reserved.
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -31,14 +36,12 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
]]>
</copyright>
<description>ipmitool</description>
- <requirements>None</requirements>
- <faq></faq>
<name>ipmitool</name>
- <version>0.0</version>
+ <version>1.8.12_5.1</version>
<title>ipmitool</title>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/lcdproc-dev/lcdproc.inc b/config/lcdproc-dev/lcdproc.inc
index e9656afd..2282d4e3 100644
--- a/config/lcdproc-dev/lcdproc.inc
+++ b/config/lcdproc-dev/lcdproc.inc
@@ -139,12 +139,14 @@ function sync_package_lcdproc_screens() {
}
function sync_package_lcdproc() {
- global $g;
- global $config;
- global $input_errors;
+ global $g, $config, $input_errors;
# Detect boot process
- if (platform_booting()) {
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
+ }
+ } elseif ($g['booting']) {
return;
}
diff --git a/config/notes/notes.xml b/config/notes/notes.xml
index e74a76f1..03c0a01a 100644
--- a/config/notes/notes.xml
+++ b/config/notes/notes.xml
@@ -45,7 +45,6 @@
<name>Notes</name>
<version>0.2.6</version>
<title>Settings</title>
- <include_file>/usr/local/pkg/notes.inc</include_file>
<menu>
<name>Notes</name>
<tooltiptext>Notes.</tooltiptext>
@@ -61,10 +60,6 @@
</tab>
</tabs>
<configpath>installedpackages->package->$packagename->configuration->notes</configpath>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <item>https://packages.pfsense.org/packages/config/notes/notes.inc</item>
- </additional_files_needed>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Title</fielddescr>
@@ -103,7 +98,4 @@
<rows>20</rows>
</field>
</fields>
- <custom_php_deinstall_command>
- notes_deinstall_command();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/nrpe2/nrpe2.inc b/config/nrpe2/nrpe2.inc
index b5e6a7d9..08aeb5c4 100644
--- a/config/nrpe2/nrpe2.inc
+++ b/config/nrpe2/nrpe2.inc
@@ -51,7 +51,6 @@ define('NRPE_RCFILE', '/usr/local/etc/rc.d/nrpe2.sh');
function nrpe2_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
$NRPE_BASE = NRPE_BASE;
$NRPE_CONFIG_DIR = NRPE_CONFIG_DIR;
@@ -159,14 +158,6 @@ EOD;
fclose($fd);
chmod(NRPE_RCFILE, 0755);
- conf_mount_ro();
-}
-
-function nrpe2_custom_php_deinstall_command() {
- global $g, $config;
- conf_mount_rw();
-
- conf_mount_ro();
}
function nrpe2_custom_php_write_config() {
diff --git a/config/nrpe2/nrpe2.xml b/config/nrpe2/nrpe2.xml
index 1204e8ec..f70835c3 100644
--- a/config/nrpe2/nrpe2.xml
+++ b/config/nrpe2/nrpe2.xml
@@ -179,7 +179,6 @@
nrpe2_custom_php_service();
</custom_php_install_command>
<custom_php_deinstall_command>
- nrpe2_custom_php_deinstall_command();
nrpe2_custom_php_write_config();
</custom_php_deinstall_command>
<custom_php_resync_config_command>
diff --git a/config/ntop2/ntop.xml b/config/ntop2/ntop.xml
index 57354f61..6ba86525 100644
--- a/config/ntop2/ntop.xml
+++ b/config/ntop2/ntop.xml
@@ -160,9 +160,6 @@
<custom_php_install_command>
sync_package_ntop();
</custom_php_install_command>
- <custom_php_deinstall_command>
- exec("rm /usr/local/etc/rc.d/ntop*");
- </custom_php_deinstall_command>
<custom_php_validation_command>
<![CDATA[
if ($_POST) {
diff --git a/config/ntopng/ntopng.inc b/config/ntopng/ntopng.inc
new file mode 100644
index 00000000..73db1ab0
--- /dev/null
+++ b/config/ntopng/ntopng.inc
@@ -0,0 +1,383 @@
+<?php
+/*
+ ntopng.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+require_once("pkg-utils.inc");
+
+function ntopng_php_install_command() {
+ global $config, $pf_version, $scripts_path, $fonts_path;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+
+ /* Various hacks around PBI stupidity */
+ if ($pf_version == "2.2") {
+ $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/lib/X11/fonts";
+ $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/scripts";
+ } else if ($pf_version == "2.1") {
+ $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/lib/X11/fonts";
+ $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng/scripts";
+ } else {
+ $fonts_path = "/usr/local/lib/X11/fonts";
+ }
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ $ntopng_share_path = "/usr/local/share/ntopng";
+ $scripts_link_path = $ntopng_share_path . "/scripts";
+ safe_mkdir("$ntopng_share_path", 0755);
+ if (!file_exists($scripts_link_path)) {
+ symlink($scripts_path, $scripts_link_path);
+ }
+ }
+ /* Fix broken GUI fonts */
+ mwexec("/bin/cp -Rp {$fonts_path}/webfonts/ {$fonts_path}/TTF/");
+
+ /* Create dirs for Redis DB, data and graphs */
+ ntopng_create_datadir();
+}
+
+function ntopng_php_deinstall_command() {
+ global $config, $pf_version;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ /* Remove the PBI-related hacks */
+ if ($pf_version == "2.1" || $pf_version == "2.2") {
+ if (is_dir("/usr/local/share/ntopng/")) {
+ mwexec("rm -rf /usr/local/share/ntopng/");
+ }
+ }
+ /* Wipe data and settings if the user does not wish to keep them */
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ if ($ntopng_config['keepdata'] != "on") {
+ if (is_dir("/var/db/ntopng/")) {
+ mwexec("rm -rf /var/db/ntopng/");
+ }
+ if (is_array($config['installedpackages']['ntopng'])) {
+ unset($config['installedpackages']['ntopng']);
+ write_config("[ntopng] Removed package settings on uninstall.");
+ }
+ log_error(gettext("[ntopng] Removed package data and settings since 'Keep Data/Settings' is disabled."));
+ }
+}
+
+function ntopng_sync_package() {
+ /* These are done via ntopng_validate_input(), just return */
+ if ($_POST['Submit'] == "Update GeoIP Data") {
+ return;
+ }
+ if ($_POST['Delete'] == "Delete (Historical) Data") {
+ return;
+ }
+
+ global $g, $config, $pf_version, $ntopng_config;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+
+ $ifaces = "";
+ $ntopng_config =& $config['installedpackages']['ntopng']['config'][0];
+ foreach ($ntopng_config['interface_array'] as $iface) {
+ $if = convert_friendly_interface_to_real_interface_name($iface);
+ if ($if) {
+ $ifaces .= " -i " . escapeshellarg("{$if}");
+ }
+ }
+
+ /* DNS Mode */
+ if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) {
+ $dns_mode = "--dns-mode " . escapeshellarg($ntopng_config['dns_mode']);
+ }
+
+ /* Local Networks */
+ switch ($ntopng_config['local_networks']) {
+ case "selected":
+ $nets = array();
+ foreach ($ntopng_config['interface_array'] as $iface) {
+ if (is_ipaddr(get_interface_ip($iface))) {
+ $nets[] = gen_subnet(get_interface_ip($iface), get_interface_subnet($iface)) . '/' . get_interface_subnet($iface);
+ }
+ }
+ if (!empty($nets)) {
+ $local_networks = "--local-networks " . escapeshellarg(implode(",", $nets));
+ }
+ break;
+ case "lanonly":
+ if (is_ipaddr(get_interface_ip('lan'))) {
+ $local_networks = "--local-networks " . escapeshellarg(gen_subnet(get_interface_ip('lan'), get_interface_subnet('lan')) . '/' . get_interface_subnet('lan'));
+ }
+ break;
+ case "rfc1918":
+ default:
+ $local_networks = "--local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8'";
+ break;
+ }
+
+ /* Historical Data Storage, Dump expired flows */
+ if ($ntopng_config['dump_flows'] == "on") {
+ $dump_flows = "-F";
+ }
+
+ /* Disable alerts */
+ if ($ntopng_config['disable_alerts'] == "on") {
+ $disable_alerts = "-H";
+ }
+
+ /* Create rc script */
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+
+ $start = "";
+ $stop = "";
+ if ($pf_version == "2.2") {
+ $start .= "/sbin/ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/local/lib\n";
+ } elseif ($pf_version == "2.1") {
+ $start .= "/sbin/ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib\n";
+ }
+ $start .= "\t{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb &\n";
+ // TODO:
+ // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse,
+ // --dump-timeline (on/off) --http-port, --https-port
+
+ $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$disable_alerts} {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &\n";
+ $stop .= "/usr/bin/killall ntopng redis-cli redis-server\n";
+ write_rcfile(array("file" => "ntopng.sh", "start" => $start, "stop" => $stop));
+
+ /* Set up admin password */
+ ntopng_set_redis_password();
+
+ /* Restart services if enabled and not booting */
+ if ((function_exists("platform_booting")) && (!platform_booting())) {
+ ntopng_services_stop();
+ if ($ntopng_config['enable'] == "on") {
+ start_service("ntopng");
+ sleep(20);
+ }
+ } elseif (!($g['booting'])) {
+ ntopng_services_stop();
+ if ($ntopng_config['enable'] == "on") {
+ start_service("ntopng");
+ sleep(20);
+ }
+ }
+}
+
+function ntopng_services_stop() {
+ if ((is_process_running("redis-server")) || (is_process_running("ntopng"))) {
+ stop_service("ntopng");
+ }
+ for ($i = 0; $i <= 10; $i++) {
+ if ((!is_process_running("redis-server")) && (!is_process_running("ntopng"))) {
+ break;
+ }
+ sleep(2);
+ }
+}
+
+function ntopng_redis_started() {
+ global $redis_path, $pf_version, $redis_started;
+ $redis_started = false;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+ if (!is_process_running("redis-server")) {
+ if ($pf_version == "2.2") {
+ mwexec("/sbin/ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/local/lib");
+ } elseif ($pf_version == "2.1") {
+ mwexec("/sbin/ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib");
+ }
+ mwexec_bg("{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb");
+ for ($i = 0; $i <= 10; $i++) {
+ if (is_process_running("redis-server")) {
+ $redis_started = true;
+ break;
+ }
+ sleep(1);
+ }
+ } else {
+ $redis_started = true;
+ }
+ return $redis_started;
+}
+
+function ntopng_set_redis_password() {
+ global $config, $ntopng_config, $redis_path;
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+
+ if (!empty($ntopng_config['redis_password'])) {
+ $password = md5($ntopng_config['redis_password']);
+ if (ntopng_redis_started()) {
+ mwexec("{$redis_path}/redis-cli SET user.admin.password " . escapeshellarg($password));
+ mwexec("{$redis_path}/redis-cli save");
+ } else {
+ log_error(gettext("[ntopng] Cannot set admin password - redis-server is not running."));
+ }
+ }
+}
+
+function ntopng_create_datadir() {
+ safe_mkdir("/var/db/ntopng/rrd/graphics", 0755);
+ mwexec("/bin/chmod -R 755 /var/db/ntopng");
+ mwexec("/usr/sbin/chown -R nobody:nobody /var/db/ntopng");
+}
+
+function ntopng_update_geoip() {
+ global $config;
+ $fetchcmd = "/usr/bin/fetch";
+ $geolite_city = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz";
+ $geolite_city_v6 = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz";
+ $geoip_asnum = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz";
+ $geoip_asnum_v6 = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz";
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $output_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng";
+ } elseif ($pf_version == "2.1") {
+ $output_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
+ } else {
+ $output_dir = "/usr/local/share/ntopng";
+ }
+
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city}");
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city_v6}");
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum}");
+ mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum_v6}");
+
+ ntopng_fixup_geoip();
+
+ /* Do not (re)start services on package (re)install, only on manual GeoIP updates via the GUI */
+ if ($_POST['Submit'] == "Update GeoIP Data") {
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ ntopng_services_stop();
+ if ($ntopng_config['enable'] == "on") {
+ start_service("ntopng");
+ }
+ }
+}
+
+function ntopng_fixup_geoip() {
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $target_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/httpdocs/geoip";
+ $source_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng";
+ } elseif ($pf_version == "2.1") {
+ $target_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng/httpdocs/geoip";
+ $source_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
+ } else {
+ $target_dir = "/usr/local/share/ntopng/httpdocs/geoip";
+ $source_dir = "/usr/local/share/ntopng";
+ }
+
+ safe_mkdir($target_dir, 0755);
+
+ foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
+ /* Decompress if needed. */
+ if (substr($geofile, -3, 3) == ".gz") {
+ // keep -f here, otherwise the files will not get updated
+ mwexec("/usr/bin/gzip -d -f " . escapeshellarg($geofile));
+ }
+ }
+
+ /* Use a separate glob since the filenames could have changed since the last run */
+ foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
+ $target_file = $target_dir . '/' . basename($geofile);
+ if (!file_exists($target_file)) {
+ symlink($geofile, $target_file);
+ }
+ }
+}
+
+function ntopng_flush_historical_data() {
+ global $config, $ntopng_config, $redis_path;
+ $ntopng_config = $config['installedpackages']['ntopng']['config'][0];
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pf_version == "2.2") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
+ } elseif ($pf_version == "2.1") {
+ $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
+ } else {
+ $redis_path = "/usr/local/bin";
+ }
+
+ if (ntopng_redis_started()) {
+ /* Delete all the keys of all the existing Redis databases */
+ mwexec("{$redis_path}/redis-cli flushall");
+ log_error(gettext("[ntopng] Flushed Redis DB."));
+ /* Set admin password while redis-server is still running */
+ ntopng_set_redis_password();
+ log_error(gettext("[ntopng] Set admin password for Redis DB."));
+ /* Stop services and delete all graphs, data and dump flows */
+ ntopng_services_stop();
+ if (is_dir("/var/db/ntopng/")) {
+ mwexec("rm -rf /var/db/ntopng/");
+ log_error(gettext("[ntopng] Deleted ntopng historical traffic data and graphs."));
+ } else {
+ log_error(gettext("[ntopng] Nothing to delete; /var/db/ntopng/ directory not found."));
+ }
+ /* Re-create the required directory structure with proper permissions */
+ ntopng_create_datadir();
+ log_error(gettext("[ntopng] Re-created required data directory structure."));
+ /* Resync settings and restart services if enabled */
+ unset($_POST['Delete']);
+ ntopng_sync_package();
+ log_error(gettext("[ntopng] Resynced ntopng settings."));
+ } else {
+ $error = "Cannot delete historical data - redis-server is not running.";
+ log_error(gettext("[ntopng] {$error}"));
+ file_notice("ntopng", $error, "ntopng Delete Historical Data", "");
+ }
+}
+
+function ntopng_validate_input($post, &$input_errors) {
+ if (empty($post['redis_password']) || empty($post['redis_passwordagain'])) {
+ $input_errors[] = "You must provide (and confirm) ntopng's password.";
+ }
+ if ((strlen($post['redis_password']) < 5) || (strlen($post['redis_passwordagain']) < 5)) {
+ $input_errors[] = "Password must have at least 5 characters.";
+ }
+ if ($post['redis_password'] != $post['redis_passwordagain']) {
+ $input_errors[] = "The provided passwords did not match.";
+ }
+ if ($post['Submit'] == "Update GeoIP Data") {
+ ntopng_update_geoip();
+ }
+ if ($post['Delete'] == "Delete (Historical) Data") {
+ ntopng_flush_historical_data();
+ }
+}
+
+?>
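Review bot: redis-server is started with only `--dir` and `--dbfilename`, both in the rc script built by ntopng_sync_package() and in ntopng_redis_started(), so its listen address and authentication are whatever the bundled Redis defaults to. Depending on that version, the instance holding `user.admin.password` may accept unauthenticated connections on every interface of the firewall rather than loopback only. I would pin it explicitly in both places, e.g. `{$redis_path}/redis-server --bind 127.0.0.1 --dir /var/db/ntopng/ --dbfilename ntopng.rdb`, assuming ntopng reaches Redis over localhost here. The redis-cli calls in this file pass no credentials, which suggests no `requirepass` is set either.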
diff --git a/config/ntopng/ntopng.xml b/config/ntopng/ntopng.xml
index 6c01515c..ee1a4d3e 100644
--- a/config/ntopng/ntopng.xml
+++ b/config/ntopng/ntopng.xml
@@ -9,7 +9,7 @@
/*
ntopng.xml
part of pfSense (https://www.pfSense.org/)
- Copyright (C) 2014 ESF, LLC
+ Copyright (C) 2014-2015 ESF, LLC
All rights reserved.
*/
/* ========================================================================== */
@@ -39,33 +39,36 @@
]]>
</copyright>
<name>ntopng</name>
- <version>0.7.2</version>
+ <version>0.8.0</version>
<title>Diagnostics: ntopng Settings</title>
- <savetext>Change</savetext>
+ <include_file>/usr/local/pkg/ntopng.inc</include_file>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/ntopng/ntopng.inc</item>
+ </additional_files_needed>
<aftersaveredirect>pkg_edit.php?xml=ntopng.xml</aftersaveredirect>
<menu>
<name>ntopng Settings</name>
<tooltiptext>Set ntopng settings such as password and port.</tooltiptext>
<section>Diagnostics</section>
- <url>/pkg_edit.php?xml=ntopng.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ntopng.xml</url>
</menu>
<menu>
<name>ntopng</name>
<tooltiptext>Access ntopng</tooltiptext>
<section>Diagnostics</section>
<url>http://$myurl:3000</url>
- <depends_on_service>ntopng</depends_on_service>
</menu>
<service>
<name>ntopng</name>
<rcfile>ntopng.sh</rcfile>
<executable>ntopng</executable>
- <description>ntopng bandwidth monitoring/graphing</description>
+ <description>ntopng Network Traffic Monitor</description>
</service>
<tabs>
<tab>
<text>ntopng Settings</text>
- <url>/pkg_edit.php?xml=ntopng.xml&amp;id=0</url>
+ <url>/pkg_edit.php?xml=ntopng.xml</url>
<active/>
</tab>
<tab>
@@ -75,32 +78,57 @@
</tabs>
<fields>
<field>
+ <fielddescr>Enable ntopng</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable ntopng.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Keep Data/Settings</fielddescr>
+ <fieldname>keepdata</fieldname>
+ <description>
+ <![CDATA[
+ Check this to keep ntopng settings, graphs and traffic data. (Default: on)<br />
+ <strong><span class="errmsg">Note:</span> If 'Keep Data/Settings' is disabled, all settings and data will be wiped on package uninstall/reinstall/upgrade!</strong>
+ ]]>
+ </description>
+ <type>checkbox</type>
+ <default_value>on</default_value>
+ </field>
+ <field>
<fielddescr>ntopng Admin Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Enter the password for the ntopng GUI. Minimum 5 characters, defaults to admin.</description>
+ <fieldname>redis_password</fieldname>
+ <description>Enter the password for the ntopng GUI. Minimum 5 characters.</description>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
<fielddescr>Confirm ntopng Admin Password</fielddescr>
- <fieldname>passwordagain</fieldname>
+ <fieldname>redis_passwordagain</fieldname>
<type>password</type>
+ <required>true</required>
+ <size>20</size>
</field>
<field>
<fielddescr>Interface</fielddescr>
<fieldname>interface_array</fieldname>
<type>interfaces_selection</type>
<size>3</size>
- <value>lan</value>
+ <default_value>lan</default_value>
<multiple>true</multiple>
+ <hideinterfaceregex>loopback</hideinterfaceregex>
</field>
<field>
<fielddescr>DNS Mode</fielddescr>
<fieldname>dns_mode</fieldname>
<description>
- Configures how name resolution is handled&lt;br/&gt;&lt;br/&gt;
- Additionally, GeoIP Data can provide location information about IP addresses.&lt;br/&gt;
- This product includes GeoLite data created by MaxMind, available from &lt;a href=&quot;http://www.maxmind.com&quot;&gt;http://www.maxmind.com&lt;/a&gt;.&lt;br/&gt;
- &lt;input type=&quot;submit&quot; name=&quot;Submit&quot; value=&quot;Update GeoIP Data&quot;&gt;
+ <![CDATA[
+ Configures how name resolution is handled.<br /><br />
+ Additionally, GeoIP Data can provide location information about IP addresses.<br />
+ This product includes GeoLite data created by MaxMind, available from <a href="http://www.maxmind.com">http://www.maxmind.com</a><br /><br />
+ <input type="submit" name="Submit" value="Update GeoIP Data" />
+ ]]>
</description>
<type>select</type>
<default_value>0</default_value>
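Review bot: The `keepdata` checkbox gets `<default_value>on</default_value>`, but ntopng_php_deinstall_command() in the new ntopng.inc wipes `/var/db/ntopng/` and the package settings whenever the stored value is anything other than "on", which includes the key being absent. A configuration saved by 0.7.2 has no `keepdata` key, so unless the form default is written back before the next deinstall, an upgraded install would presumably lose its data despite the advertised default. Consider treating a missing key as "keep", or setting it during ntopng_sync_package(), and state in the description which of the two applies.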
@@ -114,7 +142,12 @@
<field>
<fielddescr>Local Networks</fielddescr>
<fieldname>local_networks</fieldname>
- <description>Configures how Local Networks are defined</description>
+ <description>
+ <![CDATA[
+ Configures how Local Networks are defined.<br />
+ (Default: Consider all RFC1918 networks local)
+ ]]>
+ </description>
<type>select</type>
<default_value>rfc1918</default_value>
<options>
@@ -126,226 +159,37 @@
<field>
<fielddescr>Historical Data Storage</fielddescr>
<fieldname>dump_flows</fieldname>
- <description>Enable historical data storage</description>
+ <description>
+ <![CDATA[
+ Enable historical data storage.<br />
+ <strong><span class="errmsg">WARNING:</span> This feature consumes HUGE amount of disk space.</strong>
+ Also, browsing the historical data is VERY slow.<br />
+ The historical interface is considered <a href="http://www.gossamer-threads.com/lists/ntop/misc/37506#37506">abandoned by upstream</a>,
+ pending more usable replacement.<br /><br />
+ <input type="submit" name="Delete" value="Delete (Historical) Data" />
+ <strong><span class="errmsg">WARNING:</span> This will delete all ntopng graphs, traffic data and historical dump flows!
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Disable Alerts</fielddescr>
<fieldname>disable_alerts</fieldname>
- <description>Disables all alerts generated by ntopng, such as flooding notifications</description>
+ <description>Disables all alerts generated by ntopng, such as flooding notifications.</description>
<type>checkbox</type>
</field>
</fields>
- <custom_php_global_functions>
- <![CDATA[
- function sync_package_ntopng() {
- if ($_POST['Submit'] == "Update GeoIP Data") {
- return;
- }
- conf_mount_rw();
- global $config;
- global $input_errors;
- global $pf_version, $scripts_path, $fonts_path;
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($_POST) {
- $config['installedpackages']['ntopng']['config'] = array();
- $config['installedpackages']['ntopng']['config'][0] = $_POST;
- }
- $ntopng_config =& $config['installedpackages']['ntopng']['config'][0];
- $if_final = "";
- $ifaces_final = "";
- safe_mkdir("/var/db/ntopng/rrd/graphics", 0755, true);
- system("/bin/chmod -R 755 /var/db/ntopng");
- system("/usr/sbin/chown -R nobody:nobody /var/db/ntopng");
-
- if ($pf_version == "2.2") {
- $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/lib/X11/fonts";
- $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/scripts";
- } else if ($pf_version == "2.1") {
- $fonts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/lib/X11/fonts";
- $scripts_path = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng/scripts";
- } else {
- $fonts_path = "/usr/local/lib/X11/fonts";
- }
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $ntopng_share_path = "/usr/local/share/ntopng";
- $scripts_link_path = $ntopng_share_path . "/scripts";
- safe_mkdir("$ntopng_share_path", 0755, true);
- if (!file_exists($scripts_link_path)) {
- symlink($scripts_path, $scripts_link_path);
- }
- }
- system("/bin/cp -Rp {$fonts_path}/webfonts/ {$fonts_path}/TTF/");
-
- $first = 0;
- foreach($ntopng_config['interface_array'] as $iface) {
- $if = convert_friendly_interface_to_real_interface_name($iface);
- if ($if) {
- $ifaces .= " -i " . escapeshellarg("{$if}");
- }
- }
-
- // DNS Mode
- if (is_numeric($ntopng_config['dns_mode']) && ($ntopng_config['dns_mode'] >= 0) && ($ntopng_config['dns_mode'] <= 3)) {
- $dns_mode = "--dns-mode " . escapeshellarg($ntopng_config['dns_mode']);
- }
-
- // Local Networks >
- switch ($ntopng_config['local_networks']) {
- case "selected":
- $nets = array();
- foreach ($ntopng_config['interface_array'] as $iface) {
- if (is_ipaddr(get_interface_ip($iface))) {
- $nets[] = gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . '/' . get_interface_subnet($iface);
- }
- }
- if (!empty($nets))
- $local_networks = "--local-networks " . escapeshellarg(implode(",", $nets));
- break;
- case "lanonly":
- if (is_ipaddr(get_interface_ip('lan'))) {
- $local_networks = "--local-networks " . escapeshellarg(gen_subnet(get_interface_ip('lan'),get_interface_subnet('lan')) . '/' . get_interface_subnet('lan'));
- }
- break;
- case "rfc1918":
- default:
- $local_networks = "--local-networks '192.168.0.0/16,172.16.0.0/12,10.0.0.0/8'";
- break;
- }
-
- // Historical Data Storage, Dump expired flows
- if ($ntopng_config['dump_flows'] >= on) {
- $dump_flows = "-F";
- }
-
- // Disable alerts
- if ($ntopng_config['disable_alerts'] >= on) {
- $disable_alerts = "-H";
- }
-
- if ($pf_version == "2.2") {
- $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/local/bin";
- } else if ($pf_version == "2.1") {
- $redis_path = "/usr/pbi/ntopng-" . php_uname("m") . "/bin";
- } else {
- $redis_path = "/usr/local/bin";
- }
-
- $start = "";
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $start .= "ldconfig -m /usr/pbi/ntopng-" . php_uname("m") . "/lib\n";
- }
- $start .= "\t{$redis_path}/redis-server --dir /var/db/ntopng/ --dbfilename ntopng.rdb &\n";
- // TODO:
- // Add support for --data-dir /somewhere, --httpdocs-dir /somewhereelse,
- // --dump-timeline (on/off) --http-port, --https-port
-
- $start .= "\t/usr/local/bin/ntopng -d /var/db/ntopng -G /var/run/ntopng.pid -s -e {$disable_alerts} {$dump_flows} {$ifaces} {$dns_mode} {$aggregations} {$local_networks} &";
- write_rcfile(array(
- "file" => "ntopng.sh",
- "start" => $start,
- "stop" => "/usr/bin/killall ntopng redis-cli redis-server"
- )
- );
- if (is_service_running("ntopng")) {
- stop_service("ntopng");
- // Wait for ntopng to shut down cleanly.
- sleep(20);
- }
- ntopng_fixup_geoip();
- start_service("ntopng");
- sleep(2);
-
- if (empty($ntopng_config['password']))
- $ntopng_config['password'] = "admin";
- $password = md5($ntopng_config['password']);
- mwexec_bg("{$redis_path}/redis-cli SET user.admin.password " . escapeshellarg($password));
- mwexec_bg("{$redis_path}/redis-cli save");
- conf_mount_ro();
- }
- function ntopng_update_geoip() {
- $fetchcmd = "/usr/bin/fetch";
- $geolite_city = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz";
- $geolite_city_v6 = "https://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz";
- $geoip_asnum = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz";
- $geoip_asnum_v6 = "https://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz";
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $output_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
- } else {
- $output_dir = "/usr/local/share/ntopng";
- }
-
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city}");
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geolite_city_v6}");
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum}");
- mwexec("{$fetchcmd} -o {$output_dir} -T 5 {$geoip_asnum_v6}");
-
- ntopng_fixup_geoip();
- restart_service("ntopng");
- }
- function ntopng_fixup_geoip() {
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- $target_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/local/share/ntopng/httpdocs/geoip";
- $source_dir = "/usr/pbi/ntopng-" . php_uname("m") . "/share/ntopng";
- } else {
- $target_dir = "/usr/local/share/ntopng/httpdocs/geoip";
- $source_dir = "/usr/local/share/ntopng";
- }
-
- safe_mkdir($target_dir, 0755);
-
- foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
- /* Decompress if needed. */
- if (substr($geofile, -3, 3) == ".gz") {
- // keep -f here, otherwise the files will not get updated
- mwexec("/usr/bin/gzip -d -f " . escapeshellarg($geofile));
- }
- }
-
- /* Use a separate glob since the filenames could have changed since the last run */
- foreach(glob("{$source_dir}/Geo*.dat*") as $geofile) {
- $target_file = $target_dir . '/' . basename($geofile);
- if (!file_exists($target_file)) {
- symlink($geofile, $target_file);
- }
- }
- }
- ]]>
- </custom_php_global_functions>
- <custom_add_php_command>
- sync_package_ntopng();
- </custom_add_php_command>
<custom_php_resync_config_command>
- sync_package_ntopng();
+ ntopng_sync_package();
</custom_php_resync_config_command>
<custom_php_install_command>
- <![CDATA[
+ ntopng_php_install_command();
ntopng_update_geoip();
- sync_package_ntopng();
- ]]>
</custom_php_install_command>
<custom_php_deinstall_command>
- exec("rm /usr/local/etc/rc.d/ntopng*");
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version == "2.1" || $pf_version == "2.2") {
- if (is_dir("/usr/local/share/ntopng/")) {
- exec("rm -rf /usr/local/share/ntopng/");
- }
- }
+ ntopng_php_deinstall_command();
</custom_php_deinstall_command>
<custom_php_validation_command>
- <![CDATA[
- if ($_POST) {
- if (empty($_POST['password']) || empty($_POST['passwordagain']))
- $input_errors[] = "You must provide (and confirm) ntopng's password.";
- if ($_POST['password'] != $_POST['passwordagain'])
- $input_errors[] = "The provided passwords did not match.";
- if ($_POST['Submit'] == "Update GeoIP Data") {
- ntopng_update_geoip();
- }
- }
- ]]>
+ ntopng_validate_input($_POST, $input_errors);
</custom_php_validation_command>
</packagegui>
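Review bot: The `Delete (Historical) Data` submit button added to the dump_flows description is handled from `custom_php_validation_command`, and ntopng_validate_input() in the new ntopng.inc calls ntopng_flush_historical_data() after the password checks without looking at `$input_errors`. A submission that fails validation would therefore still flush Redis and remove `/var/db/ntopng/` before the error is shown. I would gate both button actions on a clean validation, e.g. `if (empty($input_errors) && $post['Delete'] == "Delete (Historical) Data") {`, and likewise for the GeoIP update. The warning line next to the button also opens `<strong>` without closing it before `]]>`.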
diff --git a/config/nut/nut.inc b/config/nut/nut.inc
index e0ca9d30..a864b965 100644
--- a/config/nut/nut.inc
+++ b/config/nut/nut.inc
@@ -156,9 +156,6 @@
}
function deinstall_package_nut() {
- stop_service("nut");
-
- unlink_if_exists(NUT_RCFILE);
unlink_if_exists(NUT_DIR.'/upsmon.conf');
unlink_if_exists(NUT_DIR.'/ups.conf');
unlink_if_exists(NUT_DIR.'/upsd.conf');
@@ -495,8 +492,7 @@ EOD;
}
function sync_package_nut() {
- global $config;
- global $input_errors;
+ global $g, $config, $input_errors;
stop_service("nut");
@@ -512,15 +508,14 @@ EOD;
$return = sync_package_nut_snmp();
}
- if ((!platform_booting()) && (nut_config('monitor'))) {
- /* only start if enabled and system is not booting */
- /* this prevents service from starting / stopping / starting on boot */
-
+ /* only start if enabled and system is not booting */
+ /* this prevents service from starting / stopping / starting on boot */
+ if ((function_exists("platform_booting")) && (!platform_booting()) && (nut_config('monitor'))) {
+ log_error("[nut] INFO: Starting service");
+ start_service("nut");
+ } elseif ((!($g['booting'])) && (nut_config('monitor'))) {
log_error("[nut] INFO: Starting service");
start_service("nut");
- if (!is_process_running('upsmon')) {
- log_error("[nut] ERROR: Service failed to start: check configuration.");
- }
} elseif (!$return && file_exists(NUT_RCFILE)) {
/* no parameters user does not want nut running */
/* lets stop the service and remove the rc file */
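Review bot: The fallback for older releases re-tests `$g['booting']` even when `platform_booting()` exists and has just returned true: the first condition fails, control falls to the `elseif`, and if `$g['booting']` is no longer populated on releases that provide platform_booting(), nut is started during boot after all. Resolving the boot state once avoids that and removes the duplicated branch body: `$booting = function_exists("platform_booting") ? platform_booting() : $g['booting'];` followed by `if (!$booting && nut_config('monitor')) {`. ntopng_sync_package() in the new ntopng.inc uses the same two-branch construct. The hunk also drops the `is_process_running('upsmon')` check, so a failed start is no longer logged; sync_package_nut() continues outside the hunk.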
diff --git a/config/olsrd/olsrd.xml b/config/olsrd/olsrd.xml
index 464f730d..6623c31f 100644
--- a/config/olsrd/olsrd.xml
+++ b/config/olsrd/olsrd.xml
@@ -164,13 +164,7 @@
<cols>50</cols>
</field>
</fields>
- <custom_delete_php_command>
- </custom_delete_php_command>
<custom_php_resync_config_command>
setup_wireless_olsr($if);
</custom_php_resync_config_command>
- <custom_php_install_command>
- </custom_php_install_command>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/open-vm-tools_2/open-vm-tools.inc b/config/open-vm-tools_2/open-vm-tools.inc
index f005074e..02449a1d 100644
--- a/config/open-vm-tools_2/open-vm-tools.inc
+++ b/config/open-vm-tools_2/open-vm-tools.inc
@@ -27,20 +27,14 @@
POSSIBILITY OF SUCH DAMAGE.
*/
function open_vm_tools_deinstall() {
- conf_mount_rw();
- stop_service("vmware-guestd");
- unlink_if_exists("/usr/local/etc/rc.d/vmware-guestd.sh");
unlink_if_exists("/usr/local/etc/rc.d/vmware-kmod.sh");
unlink_if_exists("/boot/kernel/vmblock.ko");
unlink_if_exists("/boot/kernel/vmhgfs.ko");
unlink_if_exists("/boot/kernel/vmmemctl.ko");
unlink_if_exists("/boot/kernel/vmxnet.ko");
- conf_mount_ro();
}
function open_vm_tools_install() {
- conf_mount_rw();
-
// Clean up old .ko files if they exist
unlink_if_exists("/boot/kernel/vmblock.ko");
unlink_if_exists("/boot/kernel/vmhgfs.ko");
diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc
index 038ffa11..93364be9 100644
--- a/config/openbgpd/openbgpd.inc
+++ b/config/openbgpd/openbgpd.inc
@@ -1,8 +1,9 @@
<?php
/*
openbgpd.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
- part of pfSense
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -32,100 +33,113 @@ require_once("service-utils.inc");
define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd');
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2")
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
define('PKG_BGPD_BIN', '/usr/pbi/openbgpd-' . php_uname("m") . '/sbin');
-else
+} else {
define('PKG_BGPD_BIN','/usr/local/sbin');
+}
-define('PKG_BGPD_LOGIN', "_bgpd");
-define('PKG_BGPD_UID', "130");
-define('PKG_BGPD_GROUP', "_bgpd");
-define('PKG_BGPD_GID', "130");
-define('PKG_BGPD_GECOS', "BGP Daemon");
-define('PKG_BGPD_HOMEDIR', "/var/empty");
-define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
+define('PKG_BGPD_LOGIN', "_bgpd");
+define('PKG_BGPD_UID', "130");
+define('PKG_BGPD_GROUP', "_bgpd");
+define('PKG_BGPD_GID', "130");
+define('PKG_BGPD_GECOS', "BGP Daemon");
+define('PKG_BGPD_HOMEDIR', "/var/empty");
+define('PKG_BGPD_SHELL', "/usr/sbin/nologin");
function openbgpd_install_conf() {
global $config, $g;
- $pkg_login = PKG_BGPD_LOGIN;
- $pkg_uid = PKG_BGPD_UID;
- $pkg_group = PKG_BGPD_GROUP;
- $pkg_gid = PKG_BGPD_GID;
- $pkg_gecos = PKG_BGPD_GECOS;
- $pkg_homedir = PKG_BGPD_HOMEDIR;
- $pkg_shell = PKG_BGPD_SHELL;
- $pkg_bin = PKG_BGPD_BIN;
+ $pkg_login = PKG_BGPD_LOGIN;
+ $pkg_uid = PKG_BGPD_UID;
+ $pkg_group = PKG_BGPD_GROUP;
+ $pkg_gid = PKG_BGPD_GID;
+ $pkg_gecos = PKG_BGPD_GECOS;
+ $pkg_homedir = PKG_BGPD_HOMEDIR;
+ $pkg_shell = PKG_BGPD_SHELL;
+ $pkg_bin = PKG_BGPD_BIN;
conf_mount_rw();
- // Since we need to embed this in a string, copy to a var. Can't embed constnats.
+ // Since we need to embed this in a string, copy to a var. Can't embed constants.
$bgpd_config_base = PKG_BGPD_CONFIG_BASE;
if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) {
- // if there is a raw config specified in the config.xml use that instead of the assisted config
- $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']);
+ // If there is a raw config specified in the config.xml, use that instead of the assisted config
+ $conffile = implode("\n", $config['installedpackages']['openbgpd']['rawconfig']['item']);
//$conffile = $config['installedpackages']['openbgpd']['rawconfig'];
} else {
- // generate bgpd.conf based on the assistant
- if($config['installedpackages']['openbgpd']['config'])
+ // Generate bgpd.conf based on the assistant
+ if ($config['installedpackages']['openbgpd']['config']) {
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ }
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
$openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
+ }
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
$openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
+ }
+ if ($config['installedpackages']['openbgpdneighbors']['config']) {
$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ }
- $conffile = "# This file was created by the package manager. Do not edit!\n\n";
+ $conffile = "# This file was created by the package manager. Do not edit!\n\n";
// Setup AS #
- if($openbgpd_conf['asnum'])
+ if ($openbgpd_conf['asnum']) {
$conffile .= "AS {$openbgpd_conf['asnum']}\n";
+ }
- if($openbgpd_conf['fibupdate'])
+ if ($openbgpd_conf['fibupdate']) {
$conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n";
+ }
- // Setup holdtime if defined. Default is 90.
- if($openbgpd_conf['holdtime'])
+ // Setup holdtime if defined. Default is 90.
+ if ($openbgpd_conf['holdtime']) {
$conffile .= "holdtime {$openbgpd_conf['holdtime']}\n";
+ }
- // Specify listen ip
- if(!empty($openbgpd_conf['listenip']))
+ // Specify listen IP
+ if (!empty($openbgpd_conf['listenip'])) {
$conffile .= "listen on {$openbgpd_conf['listenip']}\n";
- else
+ } else {
$conffile .= "listen on 0.0.0.0\n";
-
+ }
+
// Specify router id
- if($openbgpd_conf['routerid'])
+ if ($openbgpd_conf['routerid']) {
$conffile .= "router-id {$openbgpd_conf['routerid']}\n";
+ }
// Handle advertised networks
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
- if(is_array($openbgpd_rows))
- foreach($openbgpd_rows as $row)
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
+ if (is_array($openbgpd_rows)) {
+ foreach ($openbgpd_rows as $row) {
$conffile .= "network {$row['networks']}\n";
-
+ }
+ }
+ }
// Attach neighbors to their respective group owner
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
+ if (is_array($openbgpd_groups)) {
+ foreach ($openbgpd_groups as $group) {
$conffile .= "group \"{$group['name']}\" {\n";
$conffile .= " remote-as {$group['remoteas']}\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name']) {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == $group['name']) {
$conffile .= "\tneighbor {$neighbor['neighbor']} {\n";
$conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n";
- if($neighbor['md5sigpass']) {
+ if ($neighbor['md5sigpass']) {
$conffile .= "\t\ttcp md5sig password {$neighbor['md5sigpass']}\n";
}
- if($neighbor['md5sigkey']) {
+ if ($neighbor['md5sigkey']) {
$conffile .= "\t\ttcp md5sig key {$neighbor['md5sigkey']}\n";
}
$setlocaladdr = true;
if (is_array($neighbor['row'])) {
- foreach($neighbor['row'] as $row) {
- if ($row['parameters'] == "local-address")
+ foreach ($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address") {
$setlocaladdr = false;
+ }
$conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n";
}
}
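Review bot: The generated bgpd.conf interpolates stored settings verbatim, for example `descr \"{$neighbor['descr']}\"`, `{$row['parameters']} {$row['parmvalue']}` and `network {$row['networks']}`, so a value containing a double quote or a line break ends the intended directive and the rest is parsed by bgpd as configuration of its own. No validation of the neighbor fields is visible in this diff; bgpd_validate_input() and bgpd_validate_group() cover only the AS, router ID, holdtime, listen IP and group fields. These values should be checked when they are saved, or stripped before use here, e.g. `$descr = str_replace(array('"', "\r", "\n"), '', $neighbor['descr']);`. The ungrouped-neighbor loop in the `@@ -146,12 +159,12 @@` hunk builds its lines the same way, and openbgpd_install_conf() continues past the end of this hunk.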
@@ -136,7 +150,6 @@ function openbgpd_install_conf() {
$conffile .= "\t\tlocal-address 0.0.0.0\n";
}
}
-
$conffile .= "}\n";
}
}
@@ -146,12 +159,12 @@ function openbgpd_install_conf() {
}
// Handle neighbors that do not have a group assigned to them
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == "") {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == "") {
$conffile .= "neighbor {$neighbor['neighbor']} {\n";
$conffile .= "\tdescr \"{$neighbor['descr']}\"\n";
- if ($neighbor['md5sigpass']) {
+ if ($neighbor['md5sigpass']) {
$conffile .= "\ttcp md5sig password {$neighbor['md5sigpass']}\n";
}
if ($neighbor['md5sigkey']) {
@@ -159,17 +172,18 @@ function openbgpd_install_conf() {
}
$setlocaladdr = true;
if (is_array($neighbor['row'])) {
- foreach($neighbor['row'] as $row) {
- if ($row['parameters'] == "local-address")
+ foreach ($neighbor['row'] as $row) {
+ if ($row['parameters'] == "local-address") {
$setlocaladdr = false;
+ }
$conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n";
}
}
- if ($setlocaladdr == true && !empty($openbgpd_conf['listenip']))
+ if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) {
$conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n";
- else
+ } else {
$conffile .= "\tlocal-address 0.0.0.0\n";
-
+ }
$conffile .= "}\n";
}
}
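Review bot: In the ungrouped-neighbor block the `else` branch runs whenever the combined condition is false, which includes the case where a `local-address` row was supplied and `$setlocaladdr` is false, so `local-address 0.0.0.0` is appended after the operator's own value. The fallback should depend on `$setlocaladdr` alone: `if ($setlocaladdr == true) { $conffile .= "\tlocal-address " . (empty($openbgpd_conf['listenip']) ? "0.0.0.0" : $openbgpd_conf['listenip']) . "\n"; }`. How bgpd treats the repeated directive is not shown here, but the TCP-MD5 field help in openbgpd_neighbors.xml refers to this address, so an explicit setting should not be followed by a default. The grouped-neighbor loop ends in a similar fallback whose condition lies outside the visible hunks and is worth checking as well.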
@@ -178,8 +192,8 @@ function openbgpd_install_conf() {
// OpenBGPD filters
$conffile .= "deny from any\n";
$conffile .= "deny to any\n";
- if(is_array($openbgpd_neighbors)) {
- foreach($openbgpd_neighbors as $neighbor) {
+ if (is_array($openbgpd_neighbors)) {
+ foreach ($openbgpd_neighbors as $neighbor) {
$conffile .= "allow from {$neighbor['neighbor']}\n";
$conffile .= "allow to {$neighbor['neighbor']}\n";
}
@@ -194,7 +208,7 @@ function openbgpd_install_conf() {
$carp_ip_status_check = "";
if (is_ipaddr($openbgpd_conf['carpstatusip'])) {
- $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
switch ($pfs_version) {
case "2.0":
case "2.1":
@@ -233,22 +247,22 @@ EOF;
// Create rc.d file
$rc_file_stop = <<<EOF
-killall -TERM bgpd
+/usr/bin/killall -TERM bgpd
EOF;
$rc_file_start = <<<EOF
-if [ `pw groupshow {$pkg_group} 2>&1 | grep -c "pw: unknown group"` -gt 0 ]; then
+if [ `/usr/sbin/pw groupshow {$pkg_group} 2>&1 | /usr/bin/grep -c "pw: unknown group"` -gt 0 ]; then
/usr/sbin/pw groupadd {$pkg_group} -g {$pkg_gid}
fi
-if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then
+if [ `/usr/sbin/pw usershow {$pkg_login} 2>&1 | /usr/bin/grep -c "pw: no such user"` -gt 0 ]; then
/usr/sbin/pw useradd {$pkg_login} -u {$pkg_uid} -g {$pkg_gid} -c "{$pkg_gecos}" -d {$pkg_homedir} -s {$pkg_shell}
fi
/bin/mkdir -p {$bgpd_config_base}
/usr/sbin/chown -R root:wheel {$bgpd_config_base}
-/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf
+/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf
-NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'`
+NUMBGPD=`/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'`
if [ \${NUMBGPD} -lt 1 ] ; then
{$carp_ip_status_check}
{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf
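Review bot: `/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf` runs only from the rc start script, while the file, which can hold `tcp md5sig password` and `tcp md5sig key` values, is written by PHP code outside this hunk. If that write uses the default mode, the secrets may stay readable to other local accounts until the service is next started. Setting the mode right after the write closes that window, e.g. `chmod("{$bgpd_config_base}/bgpd.conf", 0600);`. The heredoc and the enclosing function both start outside this hunk.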
@@ -259,13 +273,13 @@ EOF;
write_rcfile(array(
"file" => "bgpd.sh",
"start" => $rc_file_start,
- "stop" => $rc_file_stop
+ "stop" => $rc_file_stop
)
);
unset($rc_file_start, $rc_file_stop);
$_gb = exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1");
- // bgpd process running? if so reload, else start.
+ // Is bgpd process running? If so, reload, else start.
// Kick off newly created rc.d script
if (is_ipaddr($openbgpd_conf['carpstatusip'])) {
@@ -274,7 +288,7 @@ EOF;
// Stop the service if the VIP is in BACKUP or INIT state.
case "BACKUP":
case "INIT":
- exec("/usr/local/etc/rc.d/bgpd.sh stop");
+ stop_service("bgpd");
break;
// Start the service if the VIP is MASTER state.
case "MASTER":
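Review bot: `stop_service("bgpd")` depends on a service registered under the name `bgpd`, whereas the replaced line called the rc script directly. The `<service>` block of openbgpd.xml is not shown in this diff, so confirm that its `<name>` matches; if the lookup finds nothing, the daemon may keep running on a node whose VIP is in BACKUP or INIT state. The switch statement starts and ends outside this hunk.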
@@ -291,59 +305,57 @@ EOF;
}
function openbgpd_restart() {
- if(is_openbgpd_running() == true) {
+ if (is_openbgpd_running() == true) {
exec("{$pkg_bin}/bgpctl reload");
} else {
exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf");
}
}
-// get the raw openbgpd confi file for manual inspection/editing
+// Get the raw openbgpd config file for manual inspection/editing
function openbgpd_get_raw_config() {
$conf = PKG_BGPD_CONFIG_BASE . "/bgpd.conf";
- if (file_exists($conf))
+ if (file_exists($conf)) {
return file_get_contents($conf);
- else
+ } else {
return "";
+ }
}
-// serialize the raw openbgpd config file to config.xml
+// Serialize the raw openbgpd config file to config.xml
function openbgpd_put_raw_config($conffile) {
global $config;
- if ($conffile == "")
+ if ($conffile == "") {
unset($config['installedpackages']['openbgpd']['rawconfig']);
- else {
+ } else {
$config['installedpackages']['openbgpd']['rawconfig'] = array();
- $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']);
+ $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n", $_POST['openbgpd_raw']);
//$config['installedpackages']['openbgpd']['rawconfig'] = $conffile;
}
}
-function deinstall_openbgpd() {
- global $config, $g;
-
- exec("rm /usr/local/etc/rc.d/bgpd.sh");
- exec("rm /usr/local/www/openbgpd_status.php");
- exec("killall bgpd");
-}
-
function check_group_usage($groupname) {
global $config, $g;
- if($config['installedpackages']['openbgpd']['config'])
+ if ($config['installedpackages']['openbgpd']['config']) {
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
- if($config['installedpackages']['openbgpd']['config'][0]['row'])
+ }
+ if ($config['installedpackages']['openbgpd']['config'][0]['row']) {
$openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row'];
- if($config['installedpackages']['openbgpdgroups']['config'])
+ }
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
$openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config'];
- if($config['installedpackages']['openbgpdneighbors']['config'])
+ }
+ if ($config['installedpackages']['openbgpdneighbors']['config']) {
$openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config'];
+ }
- if(is_array($openbgpd_groups)) {
- foreach($openbgpd_groups as $group) {
- foreach($openbgpd_neighbors as $neighbor) {
- if($neighbor['groupname'] == $group['name'])
+ if (is_array($openbgpd_groups)) {
+ foreach ($openbgpd_groups as $group) {
+ foreach ($openbgpd_neighbors as $neighbor) {
+ if ($neighbor['groupname'] == $group['name']) {
return $neighbor['groupname'];
+ }
}
}
}
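Review bot: openbgpd_restart() interpolates `$pkg_bin` and `$bgpd_config_base`, but neither is assigned or declared global inside the function, so both expand to empty strings and the commands become `/bgpctl reload` and `/bgpd -f /bgpd.conf`. Use the constants defined at the top of the file instead: `exec(PKG_BGPD_BIN . "/bgpctl reload");` and `exec(PKG_BGPD_BIN . "/bgpd -f " . PKG_BGPD_CONFIG_BASE . "/bgpd.conf");`. In the same hunk openbgpd_put_raw_config() tests its `$conffile` argument but stores `$_POST['openbgpd_raw']`; storing the argument would keep the function independent of the request. check_group_usage() continues past the end of this hunk.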
@@ -353,36 +365,39 @@ function check_group_usage($groupname) {
function bgpd_validate_input() {
global $config, $g, $input_errors;
-
- if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum']))
+ if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) {
$input_errors[] = "AS must be entered as a number only.";
+ }
- if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid']))
+ if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) {
$input_errors[] = "Router ID must be an IP address.";
+ }
- if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime']))
+ if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) {
$input_errors[] = "Holdtime must be entered as a number.";
+ }
- if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip']))
+ if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) {
$input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs.";
-
+ }
}
function bgpd_validate_group() {
global $config, $g, $id, $input_errors;
- if (!is_numeric($_POST['remoteas']))
+ if (!is_numeric($_POST['remoteas'])) {
$input_errors[] = "Remote AS must be entered as a number only.";
+ }
- if ($_POST['name'] == "")
+ if ($_POST['name'] == "") {
$input_errors[] = "You must enter a name.";
+ }
$_POST['name'] = remove_bad_chars($_POST['name']);
-
}
function remove_bad_chars($string) {
- return preg_replace('/[^a-z|_|0-9]/i','',$string);
+ return preg_replace('/[^a-z|_|0-9]/i','', $string);
}
function grey_out_value_boxes() {
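Review bot: `is_numeric()` in bgpd_validate_input() and bgpd_validate_group() also accepts signs, exponent notation and leading whitespace, so values such as `-1` or `1e3` pass and are written to bgpd.conf. For holdtime a digits-only test is stricter, `if (!empty($_POST['holdtime']) && !ctype_digit((string)$_POST['holdtime']))`, and the AS fields need the same care, allowing for whichever AS notations the package intends to accept. In remove_bad_chars() the `|` characters sit inside a character class and are therefore literal, so pipes are kept; `/[^a-z_0-9]/i` expresses the intended set. bgpd_validate_group() also tests for an empty name before sanitising it, so a name made only of stripped characters ends up empty without an error.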
@@ -419,11 +434,12 @@ EOF;
}
function is_openbgpd_running() {
- $status = `ps auxw | grep -c '[b]gpd.*parent'`;
- if(intval($status) > 0)
+ $status = shell_exec("/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'");
+ if (intval($status) > 0) {
return true;
- else
+ } else {
return false;
+ }
}
function openbgpd_get_carp_status_by_ip($ipaddr) {
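Review bot: is_openbgpd_running() can return the comparison directly, `return (intval($status) > 0);`, instead of an if/else that returns literal booleans. A short comment explaining that the `[b]gpd` bracket keeps grep from counting its own process would help, since the same pattern is repeated in the generated rc script.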
@@ -431,8 +447,9 @@ function openbgpd_get_carp_status_by_ip($ipaddr) {
if ($iface) {
$status = get_carp_interface_status($iface);
// If there is no status for that interface, return null.
- if (!$status)
+ if (!$status) {
$status = null;
+ }
} else {
// If there is no VIP by that IP, return null.
$status = null;
@@ -448,7 +465,7 @@ function openbgpd_plugin_carp($pluginparams) {
// $pluginparams['interface'] contains the affected interface
/* If there is no bgp config, then stop */
- if(is_array($config['installedpackages']['openbgpd']['config'])) {
+ if (is_array($config['installedpackages']['openbgpd']['config'])) {
$openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0];
} else {
return null;
diff --git a/config/openbgpd/openbgpd.xml b/config/openbgpd/openbgpd.xml
index 83e0122c..6ed587d6 100644
--- a/config/openbgpd/openbgpd.xml
+++ b/config/openbgpd/openbgpd.xml
@@ -42,7 +42,7 @@
]]>
</copyright>
<name>OpenBGPD</name>
- <version>0.9.3.4</version>
+ <version>0.9.3.7</version>
<title>Services: OpenBGPD</title>
<include_file>/usr/local/pkg/openbgpd.inc</include_file>
<service>
@@ -182,9 +182,6 @@
</rowhelper>
</field>
</fields>
- <custom_php_deinstall_command>
- deinstall_openbgpd();
- </custom_php_deinstall_command>
<custom_php_resync_config_command>
openbgpd_install_conf();
</custom_php_resync_config_command>
diff --git a/config/openbgpd/openbgpd_groups.xml b/config/openbgpd/openbgpd_groups.xml
index f43ab466..2c6f8be7 100644
--- a/config/openbgpd/openbgpd_groups.xml
+++ b/config/openbgpd/openbgpd_groups.xml
@@ -2,47 +2,47 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+ <![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- openbgpd_groups.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
- All rights reserved.
- */
-/* ========================================================================== */
+ openbgpd_groups.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>OpenBGPDGroups</name>
- <version>1</version>
+ <version>0.9.3.6</version>
<title>Services: OpenBGPD Groups</title>
<include_file>/usr/local/pkg/openbgpd.inc</include_file>
<tabs>
@@ -59,11 +59,11 @@
<url>/pkg.php?xml=openbgpd_groups.xml</url>
<active/>
</tab>
- <tab>
- <text>Raw config</text>
- <url>/openbgpd_raw.php</url>
- </tab>
- <tab>
+ <tab>
+ <text>Raw config</text>
+ <url>/openbgpd_raw.php</url>
+ </tab>
+ <tab>
<text>Status</text>
<url>/openbgpd_status.php</url>
</tab>
@@ -86,28 +86,22 @@
<field>
<fielddescr>Name</fielddescr>
<fieldname>name</fieldname>
- <description></description>
<type>input</type>
<size>35</size>
</field>
<field>
<fielddescr>Remote AS</fielddescr>
<fieldname>remoteas</fieldname>
- <description></description>
<type>input</type>
<size>8</size>
</field>
<field>
<fielddescr>Description</fielddescr>
<fieldname>descr</fieldname>
- <description></description>
<type>input</type>
<size>80</size>
</field>
</fields>
- <custom_php_deinstall_command>
- deinstall_openbgpd();
- </custom_php_deinstall_command>
<custom_php_resync_config_command>
openbgpd_install_conf();
</custom_php_resync_config_command>
diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml
index 5553c022..7b433ac4 100644
--- a/config/openbgpd/openbgpd_neighbors.xml
+++ b/config/openbgpd/openbgpd_neighbors.xml
@@ -2,47 +2,47 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+ <![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- openbgpd_neighbors.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
- All rights reserved.
- */
-/* ========================================================================== */
+ openbgpd_neighbors.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>OpenBGPDNeighbors</name>
- <version>1</version>
+ <version>0.9.3.6</version>
<title>Services: OpenBGPD Neighbors</title>
<include_file>/usr/local/pkg/openbgpd.inc</include_file>
<tabs>
@@ -76,7 +76,7 @@
<columnitem>
<fielddescr>Group</fielddescr>
<fieldname>groupname</fieldname>
- </columnitem>
+ </columnitem>
<columnitem>
<fielddescr>Neighbor</fielddescr>
<fieldname>neighbor</fieldname>
@@ -100,13 +100,13 @@
<field>
<fielddescr>TCP-MD5 key</fielddescr>
<fieldname>md5sigkey</fieldname>
- <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. If the Local Addr option is not set listening ip will be used.</description>
+ <description>The MD5 key to communicate with the peer. Does not work with Cisco BGP routers. If the 'Local Addr' option is not set, listening IP will be used.</description>
<type>input</type>
</field>
<field>
<fielddescr>TCP-MD5 password</fielddescr>
<fieldname>md5sigpass</fieldname>
- <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. If the Local Addr option is not set listenning ip will be used.</description>
+ <description>The MD5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. If the 'Local Addr' option is not set, listening IP will be used.</description>
<type>input</type>
</field>
<field>
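Review bot: The `md5sigkey` and `md5sigpass` fields are declared with `<type>input</type>`, so the TCP-MD5 secret is shown as readable text whenever the neighbor is edited. If the package framework on the targeted releases supports it, `<type>password</type>` masks the value on screen. The `<fields>` element starts and ends outside this hunk.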
@@ -124,18 +124,21 @@
<field>
<fielddescr>Neighbor Parameters</fielddescr>
<fieldname>Neighbor Parameters</fieldname>
- <type>rowhelper</type>
- <rowhelper>
+ <type>rowhelper</type>
+ <rowhelper>
<rowhelperfield>
- <fielddescr>Parameters</fielddescr>
- <fieldname>parameters</fieldname>
- <description>Neighbor settings.</description>
- <type>select</type>
+ <fielddescr>Parameters</fielddescr>
+ <fieldname>parameters</fieldname>
+ <description>Neighbor settings</description>
+ <type>select</type>
<options>
<option><name>Announce all</name><value>announce all</value></option>
<option><name>Announce none</name><value>announce none</value></option>
<option><name>Announce self</name><value>announce self</value></option>
<option><name>Announce default-route</name><value>announce default-route</value></option>
+ <option><name>Depend on X</name><value>depend on</value></option>
+ <option><name>Enforce Neighbor-AS yes</name><value>enforce neighbor-as yes</value></option>
+ <option><name>Enforce Neighbor-AS no</name><value>enforce neighbor-as no</value></option>
<option><name>Holdtime X</name><value>holdtime</value></option>
<option><name>Metric X</name><value>set metric</value></option>
<option><name>Multihop X</name><value>multihop</value></option>
@@ -148,40 +151,42 @@
<option><name>Softreconfig out no</name><value>softreconfig out no</value></option>
<option><name>Tcp md5sig password X</name><value>tcp md5sig password</value></option>
<option><name>Local address X</name><value>local-address</value></option>
- <option><name>set nexthop X</name><value>set nexthop</value></option>
- <option><name>set nexthop blackhole</name><value>set nexthop blackhole</value></option>
- <option><name>set nexthop reject</name><value>set nexthop reject</value></option>
- <option><name>set nexthop no-modify</name><value>set nexthop no-modify</value></option>
- <option><name>set nexthop self</name><value>set nexthop self</value></option>
+ <option><name>set nexthop X</name><value>set nexthop</value></option>
+ <option><name>set nexthop blackhole</name><value>set nexthop blackhole</value></option>
+ <option><name>set nexthop reject</name><value>set nexthop reject</value></option>
+ <option><name>set nexthop no-modify</name><value>set nexthop no-modify</value></option>
+ <option><name>set nexthop self</name><value>set nexthop self</value></option>
</options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>Value</fielddescr>
- <fieldname>parmvalue</fieldname>
- <type>input</type>
- <size>25</size>
+ <fielddescr>Value</fielddescr>
+ <fieldname>parmvalue</fieldname>
+ <type>input</type>
+ <size>25</size>
</rowhelperfield>
- </rowhelper>
+ </rowhelper>
</field>
</fields>
<custom_php_command_before_form>
+ <![CDATA[
$newoptions = array();
$new_groups = array();
- if($config['installedpackages']['openbgpdgroups']['config']) {
- foreach($config['installedpackages']['openbgpdgroups']['config'] as $item)
- $new_groups[] = $item['name'];
- $counter = 0;
- foreach($new_groups as $group) {
+ if ($config['installedpackages']['openbgpdgroups']['config']) {
+ foreach ($config['installedpackages']['openbgpdgroups']['config'] as $item) {
+ $new_groups[] = $item['name'];
+ }
+ $counter = 0;
+ foreach ($new_groups as $group) {
$newoptions['option'][$counter]['name'] = $group;
$newoptions['option'][$counter]['value'] = $group;
$counter++;
- }
+ }
$newoptions['option'][$counter]['name'] = "";
- $newoptions['option'][$counter]['value'] = "";
+ $newoptions['option'][$counter]['value'] = "";
$pkg['fields']['field'][4]['options'] = $newoptions;
$counter = 0;
- foreach($pkg['fields']['field'] as $field) {
- if($field['name'] == "group") {
+ foreach ($pkg['fields']['field'] as $field) {
+ if ($field['name'] == "group") {
$foundgroupid = $counter;
echo "found it: $counter";
}
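Review bot: The form hook still contains the debug statement `echo "found it: $counter";`. The loop around it compares `$field['name']` although the fields in this file are identified by `fieldname`, and `$foundgroupid` is not used in the visible lines. The group list is therefore attached through the fixed index `$pkg['fields']['field'][4]`, which breaks silently if a field is added above the group selector. Drop the echo and either look the field up by `fieldname` and assign to that index, or remove the search loop and add a comment naming the field that index 4 refers to. The PHP block continues into the next hunk.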
@@ -190,11 +195,10 @@
} else {
$newoptions['option'][0]['name'] = "";
$newoptions['option'][0]['value'] = "";
- $pkg['fields']['field'][4]['options'] =$newoptions;
+ $pkg['fields']['field'][4]['options'] = $newoptions;
}
+ ]]>
</custom_php_command_before_form>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
<custom_php_resync_config_command>
openbgpd_install_conf();
</custom_php_resync_config_command>
diff --git a/config/openbgpd/openbgpd_raw.php b/config/openbgpd/openbgpd_raw.php
index ac6826b3..72a961a3 100644
--- a/config/openbgpd/openbgpd_raw.php
+++ b/config/openbgpd/openbgpd_raw.php
@@ -1,9 +1,9 @@
<?php
-/* $Id$ */
/*
openbgpd_raw.php
- part of pfSense (https://www.pfsense.org/)
- Copyright (C) 2009 Aarno Aukia (aarnoaukia@gmail.com)
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Aarno Aukia (aarnoaukia@gmail.com)
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,36 +27,26 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
require("openbgpd.inc");
global $config;
if (isset($_POST['openbgpd_raw'])) {
- openbgpd_put_raw_config($_POST['openbgpd_raw']);
- write_config();
- openbgpd_install_conf();
+ openbgpd_put_raw_config($_POST['openbgpd_raw']);
+ write_config();
+ openbgpd_install_conf();
}
$openbgpd_raw = openbgpd_get_raw_config();
-if ($config['version'] >= 6)
- $pgtitle = array("OpenBGPD", "Raw config");
-else
- $pgtitle = "OpenBGPD: Raw config";
-
+$pgtitle = array("OpenBGPD", "Raw config");
include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-<?php
- if ($config['version'] < 6)
- echo '<p class="pgtitle">' . $pgtitle . '</font></p>';
-?>
-
<?php if ($savemsg) print_info_box($savemsg); ?>
<div id="mainlevel">
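Review bot: The POST handler stores the submitted text, then calls write_config() and openbgpd_install_conf() with no check of the content, so a typing error in the raw configuration is persisted and handed straight to the routing daemon. Consider writing the text to a temporary file and running bgpd's configuration test mode (`bgpd -n -f <file>`) first, reporting any failure instead of saving. `$savemsg` is printed further down but is not set anywhere in the visible lines, so the user gets no confirmation either way.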
@@ -71,29 +61,21 @@ include("head.inc");
display_top_tabs($tab_array);
?>
</table>
-
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <form action="openbgpd_raw.php" method="post" name="iform" id="iform">
- <tr>
- <td class="tabcont" >
- You can edit the raw bgpd.conf here.<br>
- Note: Once you click "Save" below, the assistant (in the "Settings", "Neighbors" and "Groups" tabs above) will be overridden with whatever you type here. To get back the assisted config save this form below once with an empty input field.
- </td>
- </tr>
- <tr>
- <td class="tabcont" >
- <textarea name="openbgpd_raw" rows="40" cols="80"><? echo $openbgpd_raw; ?></textarea>
- </td>
- </tr>
- <tr>
- <td>
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" on
- click="history.back()">
- </td>
- </tr>
- </form>
+ <form action="openbgpd_raw.php" method="post" name="iform" id="iform">
+ <tr><td class="tabcont" >
+ You can edit the raw bgpd.conf here.<br />
+ Note: Once you click "Save" below, the assistant (in the "Settings", "Neighbors" and "Groups" tabs above) will be overridden with whatever you type here.<br />
+ To get back the assisted config, save this form below once with an empty input field.
+ </td></tr>
+ <tr><td class="tabcont" >
+ <textarea name="openbgpd_raw" rows="40" cols="80"><? echo $openbgpd_raw; ?></textarea>
+ </td></tr>
+ <tr><td>
+ <input name="Submit" type="submit" class="formbtn" value="Save" /><input class="formbtn" type="button" value="Cancel" onclick="history.back()" />
+ </td></tr>
+ </form>
</table>
-
</div>
<?php include("fend.inc"); ?>
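Review bot: The textarea prints the stored configuration unescaped with `<? echo $openbgpd_raw; ?>`, so any `<`, `&` or literal `</textarea>` in bgpd.conf is interpreted as markup instead of being shown as text. Encode it on output and use the full open tag so the page does not depend on `short_open_tag`: `<?php echo htmlspecialchars($openbgpd_raw); ?>`. The `<form>` is also placed directly inside `<table>`, which is invalid HTML that browsers repair in differing ways; wrapping the table in the form avoids that.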
diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php
index 58d63795..ed23499f 100644
--- a/config/openbgpd/openbgpd_status.php
+++ b/config/openbgpd/openbgpd_status.php
@@ -1,9 +1,9 @@
<?php
-/* $Id$ */
/*
openbgpd_status.php
- part of pfSense (https://www.pfsense.org/)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com)
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,36 +27,32 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
$commands = array();
-defCmdT("summary", "OpenBGPD Summary", "/usr/local/sbin/bgpctl show summary");
-defCmdT("interfaces", "OpenBGPD Interfaces", "/usr/local/sbin/bgpctl show interfaces");
-defCmdT("routing", "OpenBGPD Routing", "/usr/local/sbin/bgpctl show rib", true, 4);
-defCmdT("forwarding", "OpenBGPD Forwarding", "/usr/local/sbin/bgpctl show fib", true, 5);
-defCmdT("network", "OpenBGPD Network", "/usr/local/sbin/bgpctl show network");
-defCmdT("nexthops", "OpenBGPD Nexthops", "/usr/local/sbin/bgpctl show nexthop");
-defCmdT("ip", "OpenBGPD IP", "/usr/local/sbin/bgpctl show ip bgp", true, 4);
-defCmdT("neighbors", "OpenBGPD Neighbors", "/usr/local/sbin/bgpctl show neighbor");
+defCmdT("summary", "OpenBGPD Summary", "/usr/local/sbin/bgpctl show summary");
+defCmdT("interfaces", "OpenBGPD Interfaces", "/usr/local/sbin/bgpctl show interfaces");
+defCmdT("routing", "OpenBGPD Routing", "/usr/local/sbin/bgpctl show rib", true, 4);
+defCmdT("forwarding", "OpenBGPD Forwarding", "/usr/local/sbin/bgpctl show fib", true, 5);
+defCmdT("network", "OpenBGPD Network", "/usr/local/sbin/bgpctl show network");
+defCmdT("nexthops", "OpenBGPD Nexthops", "/usr/local/sbin/bgpctl show nexthop");
+defCmdT("ip", "OpenBGPD IP", "/usr/local/sbin/bgpctl show ip bgp", true, 4);
+defCmdT("neighbors", "OpenBGPD Neighbors", "/usr/local/sbin/bgpctl show neighbor");
if (isset($_REQUEST['isAjax'])) {
if (isset($_REQUEST['cmd']) && isset($commands[$_REQUEST['cmd']])) {
echo "{$_REQUEST['cmd']}\n";
- if (isset($_REQUEST['count']))
+ if (isset($_REQUEST['count'])) {
echo " of " . countCmdT($commands[$_REQUEST['cmd']]['command']) . " items";
- else
+ } else {
echo htmlspecialchars_decode(doCmdT($commands[$_REQUEST['cmd']]['command'], $_REQUEST['limit'], $_REQUEST['filter'], $_REQUEST['header_size']));
+ }
}
exit;
}
-if ($config['version'] >= 6)
- $pgtitle = array("OpenBGPD", "Status");
-else
- $pgtitle = "OpenBGPD: Status";
-
+$pgtitle = array("OpenBGPD", "Status");
include("head.inc");
function doCmdT($command, $limit = "all", $filter = "", $header_size = 0) {
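Review bot: In the AJAX branch the result of `doCmdT()` goes through `htmlspecialchars_decode()` before it is echoed, which undoes any encoding applied to the command output and to anything derived from `$_REQUEST['filter']`. The body of `doCmdT()` is outside this hunk, so how `limit`, `filter` and `header_size` are used cannot be confirmed here; all three are also read without `isset()`. Unless the client inserts the response strictly as text, I would echo the encoded output unchanged and normalise the numeric inputs first, e.g. `$header_size = isset($_REQUEST['header_size']) ? (int)$_REQUEST['header_size'] : 0;`.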
@@ -88,9 +84,9 @@ function doCmdT($command, $limit = "all", $filter = "", $header_size = 0) {
function countCmdT($command) {
$fd = popen("{$command} 2>&1", "r");
$c = 0;
- while (fgets($fd) !== FALSE)
+ while (fgets($fd) !== FALSE) {
$c++;
-
+ }
pclose($fd);
return $c;
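Review bot: `popen()` in `countCmdT()` is used without checking its return value, so a failed spawn reaches `fgets()` and `pclose()` with `false` and the function reports 0 items with only PHP warnings. A guard such as `if (!$fd) { return 0; }` directly after the `popen()` call makes the failure path explicit. The function's closing brace is outside the hunk.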
@@ -118,7 +114,7 @@ function showCmdT($idx, $data) {
echo "</td></tr>\n";
}
- echo "<tr><td colspan=\"2\" class=\"listlr\"><pre id=\"{$idx}\">"; /* no newline after pre */
+ echo "<tr><td colspan=\"2\" class=\"listlr\"><pre id=\"{$idx}\">"; // no newline after pre
echo "Gathering data, please wait...\n";
echo "</pre></td></tr>\n";
echo "</table>\n";
@@ -127,7 +123,7 @@ function showCmdT($idx, $data) {
/* Define a command, with a title, to be executed later. */
function defCmdT($idx, $title, $command, $has_filter = false, $header_size = 0) {
global $commands;
- $title = htmlspecialchars($title,ENT_NOQUOTES);
+ $title = htmlspecialchars($title, ENT_NOQUOTES);
$commands[$idx] = array(
'title' => $title,
'command' => $command,
@@ -140,16 +136,18 @@ function listCmds() {
global $commands;
echo "<p>This status page includes the following information:\n";
echo "<ul width=\"700\">\n";
- foreach ($commands as $idx => $command)
+ foreach ($commands as $idx => $command) {
echo "<li><strong><a href=\"#" . $command['title'] . "\">" . $command['title'] . "</a></strong></li>\n";
+ }
echo "</ul>\n";
}
/* Execute all of the commands which were defined by a call to defCmd. */
function execCmds() {
global $commands;
- foreach ($commands as $idx => $command)
+ foreach ($commands as $idx => $command) {
showCmdT($idx, $command);
+ }
}
?>
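Review bot: `listCmds()` places `$command['title']` inside a double-quoted `href` attribute, but `defCmdT()` (previous hunk) encodes titles with `ENT_NOQUOTES`, which leaves double quotes untouched. The titles defined in this file are constants, so the problem is latent, yet a title containing a quote would end the attribute early. Encoding with `htmlspecialchars($title, ENT_QUOTES)` in `defCmdT()`, or building the fragment from `$idx`, avoids that.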
@@ -216,8 +214,9 @@ function execCmds() {
function exec_all_cmds() {
<?php
foreach ($commands as $idx => $command) {
- if ($command['has_filter'])
+ if ($command['has_filter']) {
echo "\t\tupdate_count('{$idx}', {$command['header_size']});\n";
+ }
echo "\t\tupdate_filter('{$idx}', {$command['header_size']});\n";
}
?>
@@ -231,11 +230,6 @@ else
//]]>
</script>
-<?php
- if ($config['version'] < 6)
- echo '<p class="pgtitle">' . $pgtitle . '</font></p>';
-?>
-
<?php if ($savemsg) print_info_box($savemsg); ?>
<div id="mainlevel">
@@ -251,17 +245,13 @@ else
?>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" >
-
- <div id="cmdspace" style="width:100%">
- <?php listCmds(); ?>
-
- <?php execCmds(); ?>
- </div>
+ <tr><td class="tabcont" >
+ <div id="cmdspace" style="width:100%">
+ <?php listCmds(); ?>
- </td>
- </tr>
+ <?php execCmds(); ?>
+ </div>
+ </td></tr>
</table>
</div>
diff --git a/config/openvpn-client-export/openvpn-client-export.inc b/config/openvpn-client-export/openvpn-client-export.inc
index 963a2604..2ecb436b 100755
--- a/config/openvpn-client-export/openvpn-client-export.inc
+++ b/config/openvpn-client-export/openvpn-client-export.inc
@@ -62,18 +62,7 @@ function openvpn_client_export_install() {
}
function openvpn_client_export_deinstall() {
- global $current_openvpn_version;
- conf_mount_rw();
- $phpfile = "vpn_openvpn_export.php";
- $phpfile2 = "vpn_openvpn_export_shared.php";
- $ovpndir = "/usr/local/share/openvpn";
- $workdir = "{$ovpndir}/client-export";
-
- unlink_if_exists("/usr/local/www/{$phpfile}");
- unlink_if_exists("/usr/local/www/{$phpfile2}");
- unlink_if_exists("/usr/local/pkg/openvpn-client-export-{$current_openvpn_version}.tgz");
- exec("/bin/rm -r {$workdir}");
- conf_mount_ro();
+ exec("/bin/rm -r /usr/local/share/openvpn/client-export");
}
function openvpn_client_export_prefix($srvid, $usrid = null, $crtid = null) {
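Review bot: `openvpn_client_export_deinstall()` no longer removes `vpn_openvpn_export.php` and `vpn_openvpn_export_shared.php` from `/usr/local/www/`, nor the `openvpn-client-export-*.tgz` archive. If the package framework does not delete those files itself (not visible here), the export pages stay in the web root after the package is uninstalled. The remaining `exec("/bin/rm -r ...")` also ignores the exit status and fails noisily when the directory is already gone; an `is_dir()` guard or `rm -rf` would cover that.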
@@ -138,7 +127,7 @@ function openvpn_client_export_validate_config($srvid, $usrid, $crtid) {
if (!$server_cert) {
$input_errors[] = "Could not locate server certificate.";
} else {
- $server_ca = lookup_ca($server_cert['caref']);
+ $server_ca = ca_chain($server_cert);
if (!$server_ca) {
$input_errors[] = "Could not locate the CA reference for the server certificate.";
}
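Review bot: `$server_ca` changes here from the array returned by `lookup_ca()` to the value returned by `ca_chain()`, which the later hunks write out directly as certificate text. Any remaining `$server_ca['crt']` or other array-key access that this commit does not touch would now index into a string rather than a CA entry, so the file should be searched for leftover `$server_ca[` references. A comment at the assignment, `// $server_ca is now the decoded CA chain text, not a CA config array`, would document the new type. The function continues outside the hunk.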
@@ -391,7 +380,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
file_put_contents("{$tempdir}/{$prefix}.ovpn", $conf);
$cafile = "{$tempdir}/{$cafile}";
- file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ file_put_contents("{$cafile}", $server_ca);
if ($settings['tls']) {
$tlsfile = "{$tempdir}/{$prefix}-tls.key";
file_put_contents($tlsfile, base64_decode($settings['tls']));
@@ -425,7 +414,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
case "inlinedroid":
case "inlineios":
// Inline CA
- $conf .= "<ca>{$nl}" . trim(base64_decode($server_ca['crt'])) . "{$nl}</ca>{$nl}";
+ $conf .= "<ca>{$nl}" . trim($server_ca) . "{$nl}</ca>{$nl}";
if ($settings['mode'] != "server_user") {
// Inline Cert
$conf .= "<cert>{$nl}" . trim(base64_decode($cert['crt'])) . "{$nl}</cert>{$nl}";
@@ -453,7 +442,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
file_put_contents("{$tempdir}/vpn.cnf", $conf);
$cafile = "{$keydir}/ca.crt";
- file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ file_put_contents("{$cafile}", $server_ca);
if ($settings['tls']) {
$tlsfile = "{$keydir}/ta.key";
file_put_contents($tlsfile, base64_decode($settings['tls']));
@@ -479,7 +468,7 @@ function openvpn_client_export_config($srvid, $usrid, $crtid, $useaddr, $verifys
file_put_contents("{$tempdir}/vpn.cnf", $conf);
$cafile = "{$tempdir}/ca.crt";
- file_put_contents("{$cafile}", base64_decode($server_ca['crt']));
+ file_put_contents("{$cafile}", $server_ca);
if ($settings['tls']) {
$tlsfile = "{$tempdir}/ta.key";
file_put_contents($tlsfile, base64_decode($settings['tls']));
@@ -572,7 +561,7 @@ function openvpn_client_export_installer($srvid, $usrid, $crtid, $useaddr, $veri
file_put_contents($cfgfile, $conf);
$cafile = "{$tempdir}/config/{$prefix}-ca.crt";
- file_put_contents($cafile, base64_decode($server_ca['crt']));
+ file_put_contents($cafile, $server_ca);
if ($settings['tls']) {
$tlsfile = "{$tempdir}/config/{$prefix}-tls.key";
file_put_contents($tlsfile, base64_decode($settings['tls']));
@@ -708,7 +697,7 @@ EOF;
// write ca
$cafile = "{$tempdir}/ca.crt";
- file_put_contents($cafile, base64_decode($server_ca['crt']));
+ file_put_contents($cafile, $server_ca);
if ($settings['mode'] != "server_user") {
diff --git a/config/openvpn-client-export/openvpn-client-export.xml b/config/openvpn-client-export/openvpn-client-export.xml
index 1a150dc5..f1d032a9 100755
--- a/config/openvpn-client-export/openvpn-client-export.xml
+++ b/config/openvpn-client-export/openvpn-client-export.xml
@@ -44,7 +44,7 @@
]]>
</copyright>
<name>OpenVPN Client Export</name>
- <version>1.2.19</version>
+ <version>1.2.20</version>
<title>OpenVPN Client Export</title>
<include_file>/usr/local/pkg/openvpn-client-export.inc</include_file>
<tabs>
diff --git a/config/pfblockerng/countrycodes.tar.bz2 b/config/pfblockerng/countrycodes.tar.bz2
index 12cc1b5b..ea189de6 100644
--- a/config/pfblockerng/countrycodes.tar.bz2
+++ b/config/pfblockerng/countrycodes.tar.bz2
Binary files differ
diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc
index 379ce223..646e54ca 100644
--- a/config/pfblockerng/pfblockerng.inc
+++ b/config/pfblockerng/pfblockerng.inc
@@ -2724,53 +2724,6 @@ function pfblockerng_validate_input($post, &$input_errors) {
}
}
-
-function pfblockerng_php_install_command() {
- require_once("/usr/local/www/pfblockerng/pfblockerng.php");
- global $config,$pfb;
- pfb_global();
-
- // Remove previously used CC folder location if exists
- @rmdir_recursive("{$pfb['dbdir']}/cc");
-
- // Uncompress Country Code File
- @copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2");
- exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2");
- // Download MaxMind Files and Create Country Code files and Build Continent XML Files
- update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute..."));
- exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1");
-
- update_output_window(gettext("MaxMind Country Database downloads completed..."));
- update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes..."));
- pfblockerng_uc_countries();
- update_output_window(gettext("Creating pfBlockerNG Continenet XML Files..."));
- pfblockerng_get_countries();
- update_output_window(gettext("Completed Creating pfBlockerNG Continenet XML Files..."));
-
- // Remove Original Maxmind Database Files
- @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip");
- @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv");
- @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv");
- @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv");
-
- // Add Widget to Dashboard
- update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard."));
- if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) {
- // Restore previous Widget setting if "Keep" is enabled.
- $config['widgets']['sequence'] = $pfb['widgets'];
- } else {
- $widgets = $config['widgets']['sequence'];
- if (!preg_match("/pfblockerng-container/", $widgets)) {
- if (empty($widgets)) {
- $config['widgets']['sequence'] = "pfblockerng-container:col2:show";
- } else {
- $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show";
- }
- }
- }
-}
-
-
function pfblockerng_php_deinstall_command() {
require_once("config.inc");
global $config,$pfb;
@@ -3030,4 +2983,4 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p
}
return $success;
}
-?> \ No newline at end of file
+?>
diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php
index f69983e2..83b0ed8d 100644
--- a/config/pfblockerng/pfblockerng.php
+++ b/config/pfblockerng/pfblockerng.php
@@ -189,7 +189,7 @@ function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) {
if (file_exists($local_file)) {
// Determine if URL is Remote or Local
if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) {
- $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file));
+ $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($list_url));
} else {
$remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url)));
$remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds);
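Review bot: `filemtime($list_url)` runs in the branch that also matches hosts `127.0.0.1` and `$pfb['iplocal']`, where `$list_url` is presumably still an http(s) URL rather than a filesystem path. PHP's HTTP stream wrapper does not support `stat()`, so `filemtime()` returns `false` there and `gmdate()` formats the epoch, which makes the freshness comparison wrong. I would call `filemtime()` only when `$host['host']` is empty and test the result, e.g. `$mtime = @filemtime($list_url); if ($mtime === false) { return TRUE; }` or whatever the function uses to signal "update needed". How `$host` is derived, and the rest of the function, are outside the hunk.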
diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh
index fcfbcae1..5858b08b 100644
--- a/config/pfblockerng/pfblockerng.sh
+++ b/config/pfblockerng/pfblockerng.sh
@@ -81,7 +81,7 @@ DISK_NAME=`/bin/df /var/db/rrd | /usr/bin/tail -1 | /usr/bin/awk '{print $1;}'`
DISK_TYPE=`/usr/bin/basename ${DISK_NAME} | /usr/bin/cut -c1-2`
if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
- /usr/local/bin/php /etc/rc.conf_mount_rw >/dev/null 2>&1
+ /etc/rc.conf_mount_rw >/dev/null 2>&1
if [ ! -d $pfbdbdir ]; then mkdir $pfbdbdir; fi
if [ ! -d $pfsense_alias_dir ]; then mkdir $pfsense_alias_dir; fi
fi
@@ -104,7 +104,7 @@ if [ ! -d $tmpxlsx ]; then mkdir $tmpxlsx; fi
# Exit Function to set mount RO if required before Exiting
exitnow() {
if [ "${PLATFORM}" != "pfSense" ] || [ ${USE_MFS_TMPVAR} -gt 0 ] || [ "${DISK_TYPE}" = "md" ]; then
- /usr/local/bin/php /etc/rc.conf_mount_ro >/dev/null 2>&1
+ /etc/rc.conf_mount_ro >/dev/null 2>&1
fi
exit
}
@@ -235,11 +235,11 @@ cp $pfbdeny$alias".txt" $tempfile; > $dedupfile
data255="$(cut -d '.' -f 1-3 $tempfile | awk '{a[$0]++}END{for(i in a){if(a[i] > 255){print i}}}')"
if [ ! -z "$data255" ]; then
for ip in $data255; do
- ii=$(echo "^$ip" | sed 's/\./\\\./g')
+ ii=$(echo "^$ip." | sed 's/\./\\\./g')
grep $ii $tempfile >> $dedupfile
done
awk 'FNR==NR{a[$0];next}!($0 in a)' $dedupfile $tempfile > $pfbdeny$alias".txt"
- for ip in $data255; do echo $ip"0/24" >> $pfbdeny$alias".txt"; done
+ for ip in $data255; do echo $ip".0/24" >> $pfbdeny$alias".txt"; done
fi
}
@@ -252,6 +252,8 @@ dupcheck=yes
hcheck=$(grep -c ^ $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi
# Check if Alias exists in Masterfile
lcheck=$(grep -m 1 "$alias " $masterfile ); if [ "$lcheck" == "" ]; then dupcheck=no; fi
+# Check for single alias in masterfile
+aliaslist=$(cut -d' ' -f1 $masterfile | sort | uniq); if [ "$alias" == "$aliaslist" ]; then hcheck="0"; fi
if [ "$dupcheck" == "yes" ]; then
# Grep Alias with a trailing Space character
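Review bot: The added "single alias" check assigns `hcheck="0"` after `hcheck` has already been evaluated two lines above, while the `if` that follows tests `dupcheck`. Unless `hcheck` is read again further down (outside this hunk), the new line has no effect; if the intent is to skip the duplicate check, the assignment should be `dupcheck=no`. The same line is added in the hunk at `@@ -424,6 +425,8 @@`. `$masterfile` is also unquoted in the `cut` call, so `cut -d' ' -f1 "$masterfile"` is safer.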
@@ -332,7 +334,6 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then
octet4=$(echo $ip | cut -d '.' -f 4 | sed 's/\/.*//')
dcheck=$(grep $iptrim".0/24" $dupfile)
if [ "$dcheck" == "" ]; then
- echo $iptrim".0" >> $tempfile
echo $iptrim".0/24" >> $dupfile
counter=$(($counter + 1))
# Add Individual IP addresses from Range excluding Suppressed IP
@@ -424,6 +425,8 @@ dupcheck=yes
hcheck=$(grep -cv "^$" $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi
# Check if Alias exists in Masterfile
lcheck=$(grep -m1 "$alias " $masterfile); if [ "$lcheck" == "" ]; then dupcheck=no; fi
+# Check for single alias in masterfile
+aliaslist=$(cut -d' ' -f1 $masterfile | sort | uniq); if [ "$alias" == "$aliaslist" ]; then hcheck="0"; fi
if [ "$dupcheck" == "yes" ]; then
# Grep Alias with a trailing Space character
@@ -478,7 +481,7 @@ fi
> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0
echo; echo "Querying for Repeat Offenders"
-data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt |
+data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs cut -d '.' -f 1-3 |
awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")"
count=$(echo "$data" | grep -c ^)
if [ "$data" == "" ]; then count=0; fi
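Review bot: `find ... | xargs cut` splits file names on whitespace and `$pfbdeny` is unquoted, so a list file whose name contains a space reaches `cut` as two arguments. Letting `find` run the command avoids the pipe: `find "$pfbdeny" ! -name "pfB*.txt" ! -name "*_v6.txt" -type f -exec cut -d '.' -f 1-3 {} +`. The same pipeline is changed in the hunk at `@@ -605,7 +608,7 @@`.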
@@ -605,7 +608,7 @@ fi
> $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0
echo; echo "====================================================================="
echo; echo "Querying for Repeat Offenders"
-data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt |
+data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs cut -d '.' -f 1-3 |
awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")"
count=$(echo "$data" | grep -c ^)
if [ "$data" == "" ]; then count=0; fi
@@ -975,4 +978,4 @@ case $1 in
exitnow
;;
esac
-exitnow \ No newline at end of file
+exitnow
diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml
index 218b22e1..d3b2cb16 100644
--- a/config/pfblockerng/pfblockerng.xml
+++ b/config/pfblockerng/pfblockerng.xml
@@ -71,6 +71,10 @@
<chmod>0644</chmod>
</additional_files_needed>
<additional_files_needed>
+ <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_install.inc</item>
+ <prefix>/usr/local/pkg/pfblockerng/</prefix>
+ </additional_files_needed>
+ <additional_files_needed>
<item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.php</item>
<prefix>/usr/local/www/pfblockerng/</prefix>
<chmod>0644</chmod>
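Review bot: The new `<additional_files_needed>` entry for `pfblockerng_install.inc` has no `<chmod>` element, unlike the entries around it that set `0644`. The file is executed during install, so its mode should be stated rather than left to the framework default: add `<chmod>0644</chmod>` after the `<prefix>` line.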
@@ -542,10 +546,14 @@
</field>
</fields>
<custom_php_install_command>
- pfblockerng_php_install_command();
+ <![CDATA[
+ include_once('/usr/local/pkg/pfblockerng/pfblockerng_install.inc');
+ ]]>
</custom_php_install_command>
<custom_php_deinstall_command>
+ <![CDATA[
pfblockerng_php_deinstall_command();
+ ]]>
</custom_php_deinstall_command>
<custom_php_validation_command>
pfblockerng_validate_input($_POST, $input_errors);
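Review bot: `include_once()` in `<custom_php_install_command>` only raises a warning when `pfblockerng_install.inc` is missing, and does nothing when the file was already included in the same PHP process, so the install steps can be skipped without any visible error. Because the included file ends with `return TRUE;`, the result can be tested: `if ((include '/usr/local/pkg/pfblockerng/pfblockerng_install.inc') !== TRUE) { log_error("pfBlockerNG: install script did not run"); }`.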
diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php
index bfb15c07..7253d04d 100644
--- a/config/pfblockerng/pfblockerng_alerts.php
+++ b/config/pfblockerng/pfblockerng_alerts.php
@@ -451,7 +451,7 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi
}
// Skip Repeated Alerts
- if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) {
+ if (($pfbalert[1] . $pfbalert[3] . $pfbalert[7] . $pfbalert[8] . $pfbalert[10]) == $previous_alert) {
continue;
}
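Review bot: The repeated-alert key is built by concatenating five fields with no separator, so different field combinations can collapse to the same string (`"1" . "23"` equals `"12" . "3"`) and a distinct alert can be skipped as a repeat. Joining with a delimiter, `implode('|', array($pfbalert[1], $pfbalert[3], $pfbalert[7], $pfbalert[8], $pfbalert[10]))`, here and in the assignment in the next hunk removes the ambiguity. Whether `$previous_alert` is initialised before the loop is not visible; if it is not, the first comparison reads an undefined variable.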
@@ -489,8 +489,7 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi
}
// Collect Details for Repeated Alert Comparison
- $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9];
- $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10];
+ $previous_alert = $pfbalert[1] . $pfbalert[3] . $pfbalert[7] . $pfbalert[8] . $pfbalert[10];
}
unset ($pfbalert, $logarr);
return $fields_array;
diff --git a/config/pfblockerng/pfblockerng_install.inc b/config/pfblockerng/pfblockerng_install.inc
new file mode 100644
index 00000000..28fe373f
--- /dev/null
+++ b/config/pfblockerng/pfblockerng_install.inc
@@ -0,0 +1,82 @@
+<?php
+/*
+ pfBlockerNG_install.inc
+
+ pfBlockerNG
+ Copyright (C) 2015 BBcan177@gmail.com
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+*/
+
+// Install pfBlockerNG package, launched from pfblockerng.xml
+
+require_once('/usr/local/pkg/pfblockerng/pfblockerng.inc');
+require_once('/usr/local/www/pfblockerng/pfblockerng.php');
+
+global $config, $pfb;
+pfb_global();
+
+// Remove previously used CC folder location if exists
+@rmdir_recursive("{$pfb['dbdir']}/cc");
+
+// Uncompress Country Code File
+@copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2");
+exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2");
+// Download MaxMind Files and Create Country Code files and Build Continent XML Files
+update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute..."));
+exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1");
+
+update_output_window(gettext("MaxMind Country Database downloads completed..."));
+update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes..."));
+pfblockerng_uc_countries();
+update_output_window(gettext("Creating pfBlockerNG Continent XML Files..."));
+pfblockerng_get_countries();
+update_output_window(gettext("Completed Creating pfBlockerNG Continent XML Files..."));
+
+// Remove Original Maxmind Database Files
+@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip");
+@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv");
+@unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv");
+@unlink_if_exists("{$pfb['dbdir']}/country_continent.csv");
+
+// Add Widget to Dashboard
+update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard."));
+if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) {
+ // Restore previous Widget setting if "Keep" is enabled.
+ $config['widgets']['sequence'] = $pfb['widgets'];
+} else {
+ $widgets = $config['widgets']['sequence'];
+ if (!preg_match("/pfblockerng-container/", $widgets)) {
+ if (empty($widgets)) {
+ $config['widgets']['sequence'] = "pfblockerng-container:col2:show";
+ } else {
+ $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show";
+ }
+ }
+}
+return TRUE;
+
+?> \ No newline at end of file
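Review bot: The archive copy is silenced with `@` and both `exec()` calls ignore their exit status, so a missing `countrycodes.tar.bz2` or a failed database download still ends in `return TRUE;`. The `tar` command line is also assembled from `$pfb['ccdir']` without `escapeshellarg()`. Checking each step and returning `FALSE` on failure lets the caller notice a broken install; a sketch for the extraction step follows. The file also ends without a trailing newline after `?>`.

```php
// Uncompress Country Code File
$cc_archive = "{$pfb['ccdir']}/countrycodes.tar.bz2";
if (!copy("{$pfb['dbdir']}/countrycodes.tar.bz2", $cc_archive)) {
	update_output_window(gettext("Could not copy the Country Code archive."));
	return FALSE;
}
exec("/usr/bin/tar -jx -C " . escapeshellarg($pfb['ccdir']) . " -f " . escapeshellarg($cc_archive), $tar_out, $tar_rc);
if ($tar_rc != 0) {
	update_output_window(gettext("Could not extract the Country Code archive."));
	return FALSE;
}
// … unchanged: MaxMind download, conversion, cleanup, widget setup …
```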
diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml
index 32ed52e8..030c1385 100644
--- a/config/pfblockerng/pfblockerng_top20.xml
+++ b/config/pfblockerng/pfblockerng_top20.xml
@@ -132,6 +132,17 @@
<type>listtopic</type>
</field>
<field>
+ <description><![CDATA[<font color='red'>Note:</font> pfSense by default implicitly blocks all unsolicited inbound traffic to the WAN
+ interface. Therefore adding GeoIP based firewall rules to the WAN will <strong>not</strong> provide any benefit, unless there are
+ open WAN ports. Also consider protecting just the specific open WAN ports. It's also <strong>not</strong> recommended to
+ block the 'world', instead consider rules to 'Permit' traffic from selected Countries only. Finally, it's just as important
+ to protect the outbound LAN traffic.]]>
+ </description>
+ <type>info</type>
+ <dontdisplayname/>
+ <usecolspan2/>
+ </field>
+ <field>
<fielddescr>LINKS</fielddescr>
<description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> &nbsp;&nbsp;&nbsp;
<a href="/firewall_rules.php">Firewall Rules</a> &nbsp;&nbsp;&nbsp; <a href="diag_logs_filter.php">Firewall Logs</a>]]>
diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php
index e63d04dc..7911a4e6 100644
--- a/config/pfblockerng/pfblockerng_update.php
+++ b/config/pfblockerng/pfblockerng_update.php
@@ -207,9 +207,9 @@ include_once("head.inc");
<tr>
<td colspan="2" class="listr">
<?php
- if ($pfb['enable'] == "on") {
+ if ($pfb['enable'] == 'on') {
- /* Legend - Time Variables
+ /* Legend - Time variables
$pfb['interval'] Hour interval setting (1,2,3,4,6,8,12,24)
$pfb['min'] Cron minute start time (0-23)
@@ -218,92 +218,70 @@ include_once("head.inc");
$currenthour Current hour
$currentmin Current minute
+ $currentsec Current second
+ $currentdaysec Total number of seconds elapsed so far in the day
$cron_hour_begin First cron hour setting (interval 2-24)
$cron_hour_next Next cron hour setting (interval 2-24)
- $max_min_remain Max minutes to next cron (not including currentmin)
- $min_remain Total minutes remaining to next cron
- $min_final The minute component in hour:min
-
$nextcron Next cron event in hour:mins
- $cronreal Time remaining to next cron in hours:mins */
+ $cronreal Time remaining to next cron in hours:mins:secs */
$currenthour = date('G');
$currentmin = date('i');
+ $currentsec = date('s');
+ $currentdaysec = ($currenthour * 3600) + ($currentmin * 60) + $currentsec;
if ($pfb['interval'] == 1) {
- if (($currenthour + ($currentmin/60)) <= ($pfb['hour'] + ($pfb['min']/60))) {
+ if ($currentmin < $pfb['min']) {
$cron_hour_next = $currenthour;
} else {
- $cron_hour_next = $currenthour + 1;
- }
- if (($currenthour + ($pfb['min']/60)) >= 24) {
- $cron_hour_next = $pfb['hour'];
+ $cron_hour_next = ($currenthour + 1) % 24;
}
- $max_min_remain = 60 + $pfb['min'];
}
elseif ($pfb['interval'] == 24) {
- $cron_hour_next = $cron_hour_begin = $pfb['24hour'] != '' ? $pfb['24hour'] : '00';
+ $cron_hour_next = $cron_hour_begin = !empty($pfb['24hour']) ?: '00';
}
else {
- // Find Next Cron hour schedule
+ // Find next cron hour schedule
$crondata = pfb_cron_base_hour();
+ $cron_hour_begin = 0;
+ $cron_hour_next = '';
if (!empty($crondata)) {
foreach ($crondata as $key => $line) {
if ($key == 0) {
$cron_hour_begin = $line;
}
- if ($line > $currenthour) {
+ if (($line * 3600) + ($pfb['min'] * 60) > $currentdaysec) {
$cron_hour_next = $line;
break;
}
}
}
-
- // Roll over to First cron hour setting
- if (!isset($cron_hour_next)) {
- if (empty($cron_hour_begin)) {
- // $cron_hour_begin is hour '0'
- $cron_hour_next = (24 - $currenthour);
- } else {
- $cron_hour_next = $cron_hour_begin;
- }
- }
- }
-
- if ($pfb['interval'] != 1) {
- if (($currenthour + ($currentmin/60)) <= ($cron_hour_next + ($pfb['min']/60))) {
- $max_min_remain = (($cron_hour_next - $currenthour) * 60) + $pfb['min'];
- } else {
- $max_min_remain = ((24 - $currenthour + $cron_hour_begin) * 60) + $pfb['min'];
+ // Roll over to the first cron hour setting
+ if (empty($cron_hour_next)) {
$cron_hour_next = $cron_hour_begin;
}
}
- $min_remain = ($max_min_remain - $currentmin);
- $min_final = ($min_remain % 60);
- $sec_final = (60 - date('s'));
-
- if (strlen($sec_final) == 1) {
- $sec_final = '0' . $sec_final;
- }
- if (strlen($min_final) == 1) {
- $min_final = '0' . $min_final;
- }
- if (strlen($cron_hour_next) == 1) {
- $cron_hour_next = '0' . $cron_hour_next;
- }
-
- if ($min_remain > 59) {
- $nextcron = floor($min_remain / 60) . ':' . $min_final . ':' . $sec_final;
+ $cron_seconds_next = ($cron_hour_next * 3600) + ($pfb['min'] * 60);
+ if ($currentdaysec < $cron_seconds_next) {
+ // The next cron job is ahead of us in the day
+ $sec_remain = $cron_seconds_next - $currentdaysec;
} else {
- $nextcron = '00:' . $min_final . ':' . $sec_final;
+ // The next cron job is tomorrow
+ $sec_remain = (24*60*60) + $cron_seconds_next - $currentdaysec;
}
- if ($pfb['min'] == 0) {
- $pfb['min'] = '00';
- }
+ // Ensure hour:min:sec variables are two digit
+ $pfb['min'] = str_pad($pfb['min'], 2, '0', STR_PAD_LEFT);
+ $sec_final = str_pad(($sec_remain % 60), 2, '0', STR_PAD_LEFT);
+ $min_remain = str_pad(floor($sec_remain / 60), 2, '0', STR_PAD_LEFT);
+ $min_final = str_pad(($min_remain % 60), 2, '0', STR_PAD_LEFT);
+ $hour_final = str_pad(floor($min_remain / 60), 2, '0', STR_PAD_LEFT);
+ $cron_hour_next = str_pad($cron_hour_next, 2, '0', STR_PAD_LEFT);
+
$cronreal = "{$cron_hour_next}:{$pfb['min']}";
+ $nextcron = "{$hour_final}:{$min_final}:{$sec_final}";
}
if (empty($pfb['enable']) || empty($cron_hour_next)) {
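Review bot: In the `interval == 24` branch, `!empty($pfb['24hour']) ?: '00'` evaluates to boolean `true` whenever the setting is non-empty, because the short ternary returns its condition rather than `$pfb['24hour']`. `$cron_hour_next` and `$cron_hour_begin` then hold `true`, which counts as 1 in the seconds arithmetic and is padded to `01`, whatever hour was configured. The line should read `$cron_hour_next = $cron_hour_begin = !empty($pfb['24hour']) ? $pfb['24hour'] : '00';`.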
@@ -314,9 +292,8 @@ include_once("head.inc");
echo "NEXT Scheduled CRON Event will run at <font size=\"3\">&nbsp;{$cronreal}</font>&nbsp; with
<font size=\"3\"><span class=\"red\">&nbsp;{$nextcron}&nbsp;</span></font> time remaining.";
- // Query for any Active pfBlockerNG CRON Jobs
- $result_cron = array();
- $cron_event = exec ("/bin/ps -wax", $result_cron);
+ // Query for any active pfBlockerNG CRON jobs
+ exec ('/bin/ps -wax', $result_cron);
if (preg_grep("/pfblockerng[.]php\s+cron/", $result_cron)) {
echo "<font size=\"2\"><span class=\"red\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Active pfBlockerNG CRON Job </span></font>&nbsp;&nbsp;";
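Review bot: Dropping `$result_cron = array();` means `exec()` appends to `$result_cron` if the variable already holds lines from earlier in the page, because `exec()` never clears an existing output array. Keeping `$result_cron = array();` before the `exec()` call guarantees that `preg_grep()` only sees the current `ps` output.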
diff --git a/config/phpservice/phpservice.inc b/config/phpservice/phpservice.inc
index cffdb09f..d04e021a 100644
--- a/config/phpservice/phpservice.inc
+++ b/config/phpservice/phpservice.inc
@@ -104,7 +104,6 @@ EOF;
}
function phpservice_install_command() {
- conf_mount_rw();
write_rcfile(array(
"file" => "phpservice.sh",
"start" => "/usr/local/bin/php /usr/local/pkg/phpservice.php >> /var/log/phpservice.log &",
@@ -112,15 +111,6 @@ function phpservice_install_command() {
)
);
phpservice_sync_package();
- conf_mount_ro();
-}
-
-
-function phpservice_deinstall_command() {
- conf_mount_rw();
- stop_service("phpservice");
- unlink_if_exists("/usr/local/etc/rc.d/phpservice.sh");
- conf_mount_ro();
}
?>
diff --git a/config/phpservice/phpservice.xml b/config/phpservice/phpservice.xml
index e437be20..6bada596 100644
--- a/config/phpservice/phpservice.xml
+++ b/config/phpservice/phpservice.xml
@@ -81,7 +81,4 @@
<custom_php_install_command>
phpservice_install_command();
</custom_php_install_command>
- <custom_php_deinstall_command>
- phpservice_deinstall_command();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/postfix/postfix.inc b/config/postfix/postfix.inc
index fd0832ba..0629c187 100755
--- a/config/postfix/postfix.inc
+++ b/config/postfix/postfix.inc
@@ -141,154 +141,112 @@ function sync_relay_recipients($via_cron="cron"){
}
function check_cron(){
global $config, $g;
- #check crontab
- $new_cron=array();
- $cron_cmd_sqlite = "";
- $cron_postfix_sqlite="";
- $cron_cmd= "/usr/local/bin/php -q /usr/local/www/postfix_recipients.php";
- $postfix_enabled=$config['installedpackages']['postfix']['config'][0]['enable_postfix'];
- #check ldap update
- if (is_array($config['installedpackages']['postfixrecipients']['config']))
- $postfix_recipients_config=$config['installedpackages']['postfixrecipients']['config'][0];
- if(preg_match("/(\d+)(\w)/",$postfix_recipients_config['freq'],$matches)){
- $cron_postfix=array("minute" => "*",
- "hour" => "*",
- "mday" => "*",
- "month" => "*",
- "wday" => "*",
- "who" => "root",
- "command"=> $cron_cmd);
- switch ($matches[2]){
- case m:
- $cron_postfix["minute"]="*/".$matches[1];
- break;
- case h:
- $cron_postfix["minute"]="0";
- $cron_postfix["hour"]="*/".$matches[1];
- break;
- case d:
- $cron_postfix["minute"]="0";
- $cron_postfix["hour"]="0";
- $cron_postfix["mday"]="*/".$matches[1];
- break;
- default:
- $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
- }
- }
- #check crontab Sqlite databases
- if (is_array($config['installedpackages']['postfix']['config']) && $postfix_enabled=="on"){
- $cron_sqlite_queue=$config['installedpackages']['postfix']['config'][0]['update_sqlite'];
- $cron_cmd_sqlite="/usr/local/bin/php -q /usr/local/www/postfix.php";
- if ($cron_sqlite_queue != "" && $cron_sqlite_queue != "never"){
- $cron_postfix_sqlite=array("minute" => "*",
- "hour" => "*",
- "mday" => "*",
- "month" => "*",
- "wday" => "*",
- "who" => "root",
- "command"=> "");
- switch ($cron_sqlite_queue){
- case '01min':
- $cron_postfix_sqlite["command"] = $cron_cmd_sqlite ." 01min";
- break;
- case '10min':
- $cron_postfix_sqlite["minute"]="*/10";
- $cron_postfix_sqlite["command"] = $cron_cmd_sqlite ." 10min";
- break;
- case '01hour':
- $cron_postfix_sqlite["minute"]="0";
- $cron_postfix_sqlite["command"] = $cron_cmd_sqlite ." 01hour";
- break;
- case '24hours':
- $cron_postfix_sqlite["minute"]="0";
- $cron_postfix_sqlite["hour"]="0";
- $cron_postfix_sqlite["command"] = $cron_cmd_sqlite ." 24hours";
- break;
- }
- }
- }
-
- #check crontab relay recipients
- $cron_found="";
- if (is_array($config['cron']['item'])){
- #print "<pre>";
- foreach($config['cron']['item'] as $cron){
- #check valid_recipients cron
- if ($cron["command"] == $cron_cmd){
- #postfix cron cmd found
- if($postfix_enabled=="on"){
- $cron_found=$cron;
- if($postfix_recipients_config['enable_ldap'] || $postfix_recipients_config['enable_url']){
- #update cron schedule
- $new_cron['item'][]=$cron_postfix;
- }
- }
- }
- #check sqlite update queue
- else if(!preg_match("/.usr.local.www.postfix.php/",$cron["command"])){
- #keep all non postfix cron cmds if not empty
- if ($cron["command"] != "")
- $new_cron['item'][]=$cron;
- }
- }
- $write_cron=1;
- # Check if crontab must be changed to valid recipients cmd
- if ($postfix_recipients_config['enable_ldap'] || $postfix_recipients_config['enable_url']){
- if ($cron_found!=$cron_postfix){
- #update postfix cron schedule
- if (! is_array($cron_found) && $postfix_enabled=="on")
- $new_cron['item'][]=$cron_postfix;
- $write_cron=1;
- }
- }
- else{
- if (is_array($cron_found)){
- #remove postfix cron cmd
- $write_cron=1;
- }
- }
- #check if cron must be changed to Sqlite cmd
- if($cron_sqlite_queue != "" && $cron_sqlite_queue != "never"){
- $new_cron['item'][]=$cron_postfix_sqlite;
- $config['cron']=$new_cron;
- $write_cron=1;
- }
- }
-
- #call cron functions
- if ($write_cron==1){
- $config['cron']=$new_cron;
- write_config('Postfix - sync remote sqlite database',$backup = false);
- configure_cron();
- }
- #remove postfix old cron call
- $old_cron=0;
- $crontab = file('/etc/crontab');
- $new_crontab="";
- foreach ($crontab as $line){
- if (preg_match("/php..usr.local.www.postfix_recipients.php/",$line))
- $old_cron=1;
- else
- $new_crontab .= $line;
- }
- if ($old_cron==1)
- file_put_contents("/etc/crontab",$new_crontab, LOCK_EX);
-
- #print "<pre>". var_dump($new_cron). var_dump($cron_postfix_sqlite).var_dump($config['cron']);
- #exit;
+ $cron_postfix_sqlite = "";
+ $cron_cmd_sqlite = "/usr/local/bin/php -q /usr/local/www/postfix.php";
+ $cron_cmd_recipients = "/usr/local/bin/php -q /usr/local/www/postfix_recipients.php";
+ if (is_array($config['installedpackages']['postfix']['config'])) {
+ $postfix_enabled = $config['installedpackages']['postfix']['config'][0]['enable_postfix'];
+ }
+ // check ldap update
+ if (is_array($config['installedpackages']['postfixrecipients']['config'])) {
+ $postfix_recipients_config = $config['installedpackages']['postfixrecipients']['config'][0];
+ }
+ // check crontab relay recipients
+ if (preg_match("/(\d+)(\w)/", $postfix_recipients_config['freq'], $matches)) {
+ $r_minute = "*";
+ $r_hour = "*";
+ $r_mday = "*";
+ $r_month = "*";
+ $r_wday = "*";
+ $r_who = "root";
+ switch ($matches[2]) {
+ case m:
+ $r_minute = "*/" . $matches[1];
+ break;
+ case h:
+ $r_minute = "0";
+ $r_hour = "*/" . $matches[1];
+ break;
+ case d:
+ $r_minute = "0";
+ $r_hour = "0";
+ $r_mday = "*/" . $matches[1];
+ break;
+ default:
+ $input_errors[] = "A valid number with a time reference is required for the field 'Frequency'";
+ }
+ }
+
+ // check crontab Sqlite databases
+ if (is_array($config['installedpackages']['postfix']['config'])) {
+ $cron_sqlite_queue = $config['installedpackages']['postfix']['config'][0]['update_sqlite'];
+ if ($cron_sqlite_queue != "" && $cron_sqlite_queue != "never") {
+ $s_minute = "*";
+ $s_hour = "*";
+ $s_mday = "*";
+ $s_month = "*";
+ $s_wday = "*";
+ $s_who = "root";
+ switch ($cron_sqlite_queue) {
+ case '01min':
+ $cron_postfix_sqlite = $cron_cmd_sqlite . " 01min";
+ break;
+ case '10min':
+ $s_minute = "*/10";
+ $cron_postfix_sqlite = $cron_cmd_sqlite . " 10min";
+ break;
+ case '01hour':
+ $s_minute = "0";
+ $cron_postfix_sqlite = $cron_cmd_sqlite . " 01hour";
+ break;
+ case '24hours':
+ $s_minute = "0";
+ $s_hour = "0";
+ $cron_postfix_sqlite = $cron_cmd_sqlite . " 24hours";
+ break;
+ }
+ }
+ }
+
+ // update cron
+ if ($postfix_enabled == "on") {
+ if ($postfix_recipients_config['enable_ldap'] || $postfix_recipients_config['enable_url']) {
+ install_cron_job("{$cron_cmd_recipients}", true, $r_minute, $r_hour, $r_mday, $r_month, $r_wday, $r_who);
+ } else {
+ install_cron_job("{$cron_cmd_recipients}", false);
+ }
+ if ($cron_sqlite_queue != "" && $cron_sqlite_queue != "never") {
+ // First remove the previous schedule since the command was appended as well
+ install_cron_job("{$cron_cmd_sqlite}", false);
+ install_cron_job("{$cron_postfix_sqlite}", true, $s_minute, $s_hour, $s_mday, $s_month, $s_wday, $s_who);
+ } else {
+ install_cron_job("{$cron_cmd_sqlite}", false);
+ }
+ } else {
+ install_cron_job("{$cron_cmd_recipients}", false);
+ install_cron_job("{$cron_cmd_sqlite}", false);
+ }
}
+
function sync_package_postfix($via_rpc="no") {
- global $config;
+ global $g, $config;
log_error("sync_package_postfix called with via_rpc={$via_rpc}");
# detect boot process
- if (is_array($_POST)){
- if (preg_match("/\w+/",$_POST['__csrf_magic']))
+ if (is_array($_POST)) {
+ if (function_exists("platform_booting")) {
+ if (!platform_booting()) {
+ unset($boot_process);
+ } else {
+ $boot_process="on";
+ }
+ } elseif (!($g['booting'])) {
unset($boot_process);
- else
+ } else {
$boot_process="on";
+ }
}
if(is_process_running("master") && isset($boot_process) && $via_rpc=="no")
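Review bot: In the rewritten check_cron(), the relay-recipients job can be enabled with a schedule that was never validated. When `$postfix_recipients_config['freq']` does not match `/(\d+)(\w)/`, `$r_minute` through `$r_who` are never assigned, yet `install_cron_job("{$cron_cmd_recipients}", true, $r_minute, ...)` still runs whenever LDAP or URL lookup is enabled. How install_cron_job() treats the unset arguments is not visible here. When the unit is not m, h or d, the `default:` branch leaves every field at `*`, so the job would run every minute as root, and the error goes to `$input_errors`, which is not declared `global` in this function and is therefore lost. I would anchor the pattern as `/^(\d+)([mhd])$/`, quote the labels (`case 'm':` rather than the bare constant `case m:`), and enable the job only when the match succeeded, removing it otherwise. The hunk also covers the start of sync_package_postfix(), whose body continues outside it.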
diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc
index 140bac8a..34900e76 100644
--- a/config/quagga_ospfd/quagga_ospfd.inc
+++ b/config/quagga_ospfd/quagga_ospfd.inc
@@ -1,9 +1,10 @@
<?php
/*
quagga_ospfd.inc
- Copyright (C) 2010 Ermal Lu�i
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2010 Ermal Luçi
Copyright (C) 2012 Jim Pingle
- part of pfSense
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -46,7 +47,7 @@ function quagga_ospfd_get_interfaces() {
$interfaces = get_configured_interface_with_descr();
$ospf_ifs = array();
foreach ($interfaces as $iface => $ifacename) {
- $tmp["name"] = $ifacename;
+ $tmp["name"] = $ifacename;
$tmp["value"] = $iface;
$ospf_ifs[] = $tmp;
}
@@ -55,7 +56,7 @@ function quagga_ospfd_get_interfaces() {
if (is_array($config['openvpn']["openvpn-{$mode}"])) {
foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) {
if (!isset($setting['disable'])) {
- $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
+ $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']);
$tmp["value"] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid'];
$ospf_ifs[] = $tmp;
}
@@ -74,11 +75,11 @@ function quagga_ospfd_install_conf() {
$quagga_config_base = PKG_QUAGGA_CONFIG_BASE;
$noaccept = "";
-
+
// generate ospfd.conf based on the assistant
- if(is_array($config['installedpackages']['quaggaospfd']['config']))
+ if(is_array($config['installedpackages']['quaggaospfd']['config'])) {
$ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0];
- else {
+ } else {
log_error("Quagga OSPFd: No config data found.");
return;
}
@@ -90,11 +91,12 @@ function quagga_ospfd_install_conf() {
} else {
$conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n";
- if($ospfd_conf['password'])
+ if($ospfd_conf['password']) {
$conffile .= "password {$ospfd_conf['password']}\n";
-
- if ($ospfd_conf['logging'])
+ }
+ if ($ospfd_conf['logging']) {
$conffile .= "log syslog\n";
+ }
/* Interface Settings */
$passive_interfaces = array();
@@ -113,7 +115,7 @@ function quagga_ospfd_install_conf() {
if ($conf['md5password'] && !empty($conf['password'])) {
$conffile .= " ip ospf authentication message-digest\n";
$conffile .= " ip ospf message-digest-key 1 md5 " . substr($conf['password'], 0, 15) . "\n";
- } else if (!empty($conf['password'])) {
+ } elseif (!empty($conf['password'])) {
$conffile .= " ip ospf authentication-key " . substr($conf['password'], 0, 8) . "\n";
}
if (!empty($conf['routerpriorityelections'])) {
@@ -124,38 +126,36 @@ function quagga_ospfd_install_conf() {
}
if (!empty($conf['deadtimer'])) {
$conffile .= " ip ospf dead-interval {$conf['deadtimer']}\n";
- }
+ }
if (!empty($conf['passive'])) {
$passive_interfaces[] = $realif;
}
$interface_ip = find_interface_ip($realif);
$interface_subnet = find_interface_subnet($realif);
/* Cheap hack since point-to-points won't attach if /32 is used. */
- if ($interface_subnet == 32)
+ if ($interface_subnet == 32) {
$interface_subnet = 30;
+ }
$subnet = gen_subnet($interface_ip, $interface_subnet);
if (!empty($conf['acceptfilter'])) {
$noaccept .= "ip prefix-list ACCEPTFILTER deny {$subnet}/{$interface_subnet}\n";
}
if (!empty($conf['interfacearea'])) {
$interface_networks[] = array( "subnet" => "{$subnet}/{$interface_subnet}", "area" => $conf['interfacearea']);
- }
- else {
+ } else {
$interface_networks[] = array( "subnet" => "{$subnet}/{$interface_subnet}", "area" => $ospfd_conf['area']);
}
-
-
-
}
}
-
+
$redist = "";
$noredist = "";
if (is_array($ospfd_conf['row'])) {
foreach ($ospfd_conf['row'] as $redistr) {
- if (empty($redistr['routevalue']))
+ if (empty($redistr['routevalue'])) {
continue;
+ }
if (isset($redistr['acceptfilter'])) {
$noaccept .= "ip prefix-list ACCEPTFILTER deny {$redistr['routevalue']}\n";
}
@@ -173,55 +173,60 @@ function quagga_ospfd_install_conf() {
$conffile .= "\n\nrouter ospf\n";
// Specify router id
- if($ospfd_conf['routerid'])
+ if ($ospfd_conf['routerid']) {
$conffile .= " ospf router-id {$ospfd_conf['routerid']}\n";
-
- if ($ospfd_conf['updatefib'])
+ }
+ if ($ospfd_conf['updatefib']) {
$conffile .= " area {$ospfd_conf['area']} stub\n";
-
- if ($ospfd_conf['logging'] && $ospfd_conf['adjacencylog'])
+ }
+ if ($ospfd_conf['logging'] && $ospfd_conf['adjacencylog']) {
$conffile .= " log-adjacency-changes detail\n";
-
- if ($ospfd_conf['redistributeconnectedsubnets'])
+ }
+ if ($ospfd_conf['redistributeconnectedsubnets']) {
$conffile .= " redistribute connected\n";
-
- if ($ospfd_conf['redistributestatic'])
+ }
+ if ($ospfd_conf['redistributestatic']) {
$conffile .= " redistribute static\n";
-
- if ($ospfd_conf['redistributekernel'])
+ }
+ if ($ospfd_conf['redistributekernel']) {
$conffile .= " redistribute kernel\n";
-
-
- if ($ospfd_conf['redistributedefaultroute'])
+ }
+ if ($ospfd_conf['redistributedefaultroute']) {
$conffile .= " default-information originate\n";
-
+ }
if ($ospfd_conf['spfholdtime'] || $ospfd_conf['spfdelay']) {
$spf_minhold = ($ospfd_conf['spfholdtime']) ? $ospfd_conf['spfholdtime'] : 1000;
$spf_maxhold = $spf_minhold * 10;
$spf_delay = ($ospfd_conf['spfdelay']) ? $ospfd_conf['spfdelay'] : 200;
$conffile .= " timers throttle spf {$spf_delay} {$spf_minhold} {$spf_maxhold}\n";
}
-
- if ($ospfd_conf['rfc1583'])
+ if ($ospfd_conf['rfc1583']) {
$conffile .= " ospf rfc1583compatibility\n";
-
+ }
if (is_array($passive_interfaces)) {
foreach ($passive_interfaces as $pint)
$conffile .= " passive-interface {$pint}\n";
}
-
-
if (is_array($interface_networks)) {
foreach ($interface_networks as $ifn) {
if (is_subnet($ifn['subnet'])) {
- $conffile .= " network {$ifn['subnet']} area {$ifn['area']}\n";
- }
+ $conffile .= " network {$ifn['subnet']} area {$ifn['area']}\n";
+ }
}
}
-
- if (!empty($redist))
+ if ($conf['md5password'] && !empty($conf['password']) && !empty($conf['interfacearea'])) {
+ $conffile .= " area {$conf['interfacearea']} authentication message-digest\n";
+ } elseif ($conf['md5password'] && !empty($conf['password']) && empty($conf['interfacearea'])) {
+ $conffile .= " area 0.0.0.0 authentication message-digest\n";
+ }
+ if ($conf['password'] && empty($conf['md5password']) && !empty($conf['interfacearea'])) {
+ $conffile .= " area {$conf['interfacearea']} authentication\n";
+ } elseif ($conf['password'] && empty($conf['md5password']) && empty($conf['interfacearea'])) {
+ $conffile .= " area 0.0.0.0 authentication\n";
+ }
+ if (!empty($redist)) {
$conffile .= $redist;
-
+ }
if (!empty($noredist)) {
$conffile .= " distribute-list dnr-list out connected\n";
$conffile .= " distribute-list dnr-list out kernel\n";
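Review bot: The new `area ... authentication` lines read `$conf`, which appears to be the per-interface loop variable from the interface block that closed in an earlier hunk. After that loop it holds only the last interface's settings, or nothing if no interface was iterated. As written, area-level authentication is decided by whichever interface was last, and other areas whose interfaces have a password get no statement. The fallback is also hard-coded to `area 0.0.0.0`, whereas interfaces without `interfacearea` are placed in `$ospfd_conf['area']` earlier in the function. I would record the area and mode per interface inside the loop and emit one line per recorded area here, as sketched below; quagga_ospfd_install_conf() starts and ends outside the hunk.

```php
// … inside the per-interface loop (earlier hunk), after the interface password lines …
$area = !empty($conf['interfacearea']) ? $conf['interfacearea'] : $ospfd_conf['area'];
if (!empty($conf['password'])) {
	$auth_areas[$area] = $conf['md5password'] ? " message-digest" : "";
}
// … unchanged: passive-interface and network statements …
if (!empty($auth_areas)) {
	foreach ($auth_areas as $area => $mode) {
		$conffile .= " area {$area} authentication{$mode}\n";
	}
}
// … unchanged: redistribute and distribute-list output …
```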
@@ -248,10 +253,12 @@ function quagga_ospfd_install_conf() {
$zebraconffile = str_replace("\r","",base64_decode($config['installedpackages']['quaggaospfdraw']['config'][0]['zebra']));
} else {
$zebraconffile = "# This file was created by the pfSense package manager. Do not edit!\n\n";
- if($ospfd_conf['password'])
+ if($ospfd_conf['password']) {
$zebraconffile .= "password {$ospfd_conf['password']}\n";
- if ($ospfd_conf['logging'])
+ }
+ if ($ospfd_conf['logging']) {
$zebraconffile .= "log syslog\n";
+ }
if (!empty($noaccept)) {
$zebraconffile .= $noaccept;
$zebraconffile .= "ip prefix-list ACCEPTFILTER permit any\n";
@@ -381,31 +388,40 @@ function quagga_ospfd_validate_interface() {
if ($config['installedpackages']['quaggaospfdinterfaces']['config']) {
foreach ($config['installedpackages']['quaggaospfdinterfaces']['config'] as $index => $conf) {
- if ($index == 0)
+ if ($index == 0) {
continue;
- if ($id != $index && $conf['interface'] == $_POST['interface'])
+ }
+ if ($id != $index && $conf['interface'] == $_POST['interface']) {
$input_errors[] = "Interface {$_POST['interface']} is already configured.";
+ }
}
}
- if ($_POST['md5password'] && empty($_POST['password']))
+ if ($_POST['md5password'] && empty($_POST['password'])) {
$input_errors[] = "Please input a password.";
+ }
}
function quagga_ospfd_validate_input() {
global $config, $g, $input_errors;
- if ($_POST['password'] <> "" && (strpos($_POST['password'], "'") !== false))
+ if ($_POST['password'] <> "" && (strpos($_POST['password'], "'") !== false)) {
$input_errors[] = "Password cannot contain a single quote (')";
- if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid']))
+ }
+ if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) {
$input_errors[] = "Router ID must be an address.";
- if (!is_ipaddr($_POST['area']))
+ }
+ if (!is_ipaddr($_POST['area'])) {
$input_errors[] = "Area needs to be a valid ip_address.";
- if ($_POST['spfholdtime'] <> "" && ($_POST['spfholdtime'] < 1 || $_POST['spfholdtime'] > 5))
+ }
+ if ($_POST['spfholdtime'] <> "" && ($_POST['spfholdtime'] < 1 || $_POST['spfholdtime'] > 5)) {
$input_errors[] = "SPF holdtime needs to be between 1 and 5.";
- if ($_POST['spfdelay'] <> "" && ($_POST['spfdelay'] < 1 || $_POST['spfdelay'] > 10))
+ }
+ if ($_POST['spfdelay'] <> "" && ($_POST['spfdelay'] < 1 || $_POST['spfdelay'] > 10)) {
$input_errors[] = "SPF delay needs to be between 1 and 10.";
- if (!$config['installedpackages']['quaggaospfdinterfaces']['config'])
+ }
+ if (!$config['installedpackages']['quaggaospfdinterfaces']['config']) {
$input_errors[] = "Please select an interface to use for Quagga OSPFd.";
+ }
}
function quagga_get_carp_status_by_ip($ipaddr) {
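Review bot: quagga_ospfd_validate_input() still rejects only a single quote in `$_POST['password']`, although what appears to be the same value is written verbatim into the `password {$ospfd_conf['password']}\n` lines of the generated ospfd and zebra configuration in earlier hunks. A value containing whitespace or a line break would no longer render as the single intended configuration line, so the check should refuse those too, e.g. `if (preg_match('/\s/', $_POST['password'])) { $input_errors[] = "Password cannot contain whitespace."; }`. The interface password is likewise only checked for presence in quagga_ospfd_validate_interface(), while the generator shortens it with `substr($conf['password'], 0, 15)` or `substr($conf['password'], 0, 8)`; a length check would replace that silent truncation with a visible error. quagga_ospfd_validate_interface() begins outside the hunk.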
@@ -413,8 +429,9 @@ function quagga_get_carp_status_by_ip($ipaddr) {
if ($iface) {
$status = get_carp_interface_status($iface);
// If there is no status for that interface, return null.
- if (!$status)
+ if (!$status) {
$status = null;
+ }
} else {
// If there is no VIP by that IP, return null.
$status = null;
@@ -430,7 +447,7 @@ function quagga_ospfd_plugin_carp($pluginparams) {
// $pluginparams['interface'] contains the affected interface
/* If there is no OSPF config, then stop */
- if(is_array($config['installedpackages']['quaggaospfd']['config'])) {
+ if (is_array($config['installedpackages']['quaggaospfd']['config'])) {
$ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0];
} else {
return null;
diff --git a/config/quagga_ospfd/status_ospfd.php b/config/quagga_ospfd/status_ospfd.php
index 8ecf19d0..b291655d 100644
--- a/config/quagga_ospfd/status_ospfd.php
+++ b/config/quagga_ospfd/status_ospfd.php
@@ -1,8 +1,10 @@
<?php
/*
status_ospfd.php
- Copyright (C) 2010 Nick Buraglio; nick@buraglio.com
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2010 Nick Buraglio <nick@buraglio.com>
Copyright (C) 2010 Scott Ullrich <sullrich@pfsense.org>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -16,7 +18,7 @@
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
@@ -26,14 +28,13 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
$pgtitle = "Quagga OSPF: Status";
include("head.inc");
$control_script = "/usr/local/bin/quaggactl";
-$pkg_homedir = "/var/etc/quagga";
+$pkg_homedir = "/var/etc/quagga";
/* List all of the commands as an index. */
function listCmds() {
@@ -61,11 +62,12 @@ function defCmdT($title, $command) {
}
function doCmdT($title, $command) {
- echo "<p>\n";
+ echo "<br />\n";
echo "<a name=\"" . $title . "\">\n";
echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n";
echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n";
- echo "<tr><td class=\"listlr\"><pre>"; /* no newline after pre */
+ /* no newline after pre */
+ echo "<tr><td class=\"listlr\"><pre>";
$execOutput = "";
$execStatus = "";
@@ -86,7 +88,7 @@ function doCmdT($title, $command) {
<?php if ($savemsg) print_info_box($savemsg); ?>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td class="tabnavtbl">
+ <tr><td class="tabnavtbl">
<?php
$tab_array = array();
$tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=quagga_ospfd.xml&id=0");
@@ -96,8 +98,7 @@ function doCmdT($title, $command) {
display_top_tabs($tab_array);
?>
</td></tr>
- <tr>
- <td>
+ <tr><td>
<div id="mainarea">
<table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0">
<tr>
@@ -123,8 +124,7 @@ function doCmdT($title, $command) {
</tr>
</table>
</div>
- </td>
- </tr>
+ </td></tr>
</table>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/routed/routed.inc b/config/routed/routed.inc
index 471c2772..3bcef0aa 100644
--- a/config/routed/routed.inc
+++ b/config/routed/routed.inc
@@ -105,21 +105,17 @@ function setup_etc_gateways($iface="", $mode="") {
}
function routed_install_command() {
- conf_mount_rw();
write_rcfile(array(
"file" => "routed.sh",
"start" => "/usr/bin/nohup /sbin/routed > /dev/null 2>&1 &",
"stop" => "/bin/pkill routed"
)
);
- conf_mount_ro();
}
function routed_deinstall_command() {
stop_service("routed");
- conf_mount_rw();
unlink_if_exists("/usr/local/etc/rc.d/routed.sh");
- conf_mount_ro();
}
?>
diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc
index ce2617e1..85410560 100644
--- a/config/sarg/sarg.inc
+++ b/config/sarg/sarg.inc
@@ -1,540 +1,561 @@
<?php
-/* ========================================================================== */
/*
sarg.inc
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2007 Joao Henrique F. Freitas
- Copyright (C) 2012-2013 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2"){
+ Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
// Function to get squidGuard directory
// each squidGuard version has a different directory
function getsqGuardDir() {
- foreach (glob("/usr/pbi/*",GLOB_ONLYDIR) as $dirname) {
+ foreach (glob("/usr/pbi/*", GLOB_ONLYDIR) as $dirname) {
if (preg_match("/squidguard-/i", $dirname)) {
return trim($dirname);
break;
}
}
}
+ define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m"));
+ define('SQGARD_DIR', getsqGuardDir());
+ define('SQUID_DIR', '/usr/pbi/squid-' . php_uname("m"));
+ define('DANSG_DIR', '/usr/pbi/dansguardian-' . php_uname("m"));
+} else {
+ define('SARG_DIR', '/usr/local');
+ define('SQGARD_DIR', '/usr/local');
+ define('SQUID_DIR', '/usr/local');
+ define('DANSG_DIR', '/usr/local');
+}
- define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m"));
- define('SQGARD_DIR', getsqGuardDir());
- define('SQUID_DIR', '/usr/pbi/squid-' . php_uname("m"));
- define('DANSG_DIR', '/usr/pbi/dansguardian-' . php_uname("m"));
- }
-else{
- define('SARG_DIR', '/usr/local');
- define('SQGARD_DIR', '/usr/local');
- define('SQUID_DIR', '/usr/local');
- define('DANSG_DIR', '/usr/local');
+$uname = posix_uname();
+if ($uname['machine']=='amd64') {
+ ini_set('memory_limit', '250M');
}
-
-$uname=posix_uname();
-if ($uname['machine']=='amd64')
- ini_set('memory_limit', '250M');
// STATIC VARS
-$sarg_proxy=array( 'squid_rc'=> SQUID_DIR . '/etc/rc.d/squid.sh',
- 'squid_config'=> '/var/squid/logs/access.log',
- 'squidguard_config'=> SQGARD_DIR . '/etc/squidGuard/squidGuard.conf',
- 'squidguard_block_log'=>'/var/squidGuard/log/block.log',
- 'dansguardian_config'=> DANSG_DIR . '/etc/dansguardian/dansguardian.conf',
- 'dansguardian_log'=>'/var/log/dansguardian/access.log');
-
+$sarg_proxy['squid_rc'] = SQUID_DIR . '/etc/rc.d/squid.sh';
+$sarg_proxy['squid_config'] = '/var/squid/logs/access.log';
+$sarg_proxy['squidguard_config'] = SQGARD_DIR . '/etc/squidGuard/squidGuard.conf';
+$sarg_proxy['squidguard_block_log'] = '/var/squidGuard/log/block.log';
+$sarg_proxy['dansguardian_config'] = DANSG_DIR . '/etc/dansguardian/dansguardian.conf';
+$sarg_proxy['dansguardian_log'] = '/var/log/dansguardian/access.log';
// END STATIC VARS
-function sarg_start() {
- global $g, $config;
-
- // reserved
-}
-
-function sarg_text_area_decode($text){
- return preg_replace('/\r\n/', "\n",base64_decode($text));
+function sarg_text_area_decode($text) {
+ return preg_replace('/\r\n/', "\n", base64_decode($text));
}
function sarg_resync() {
- global $config;
- if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit']))
- sync_package_sarg();
- if ($_POST['Submit'] == 'Force update now')
- run_sarg();
-
+ global $config;
+ if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit'])) {
+ sync_package_sarg();
+ }
+ if ($_POST['Submit'] == 'Force update now') {
+ run_sarg();
+ }
}
-function log_rotate($log_file){
+
+function log_rotate($log_file) {
global $config, $g;
-
- #remove .10 rotate log file
- unlink_if_exists("$log_file".".10");
- #rotate logs from 9 to 0
- $i=9;
- while ($i>=0){
- if (file_exists($log_file.".".$i))
- rename ($log_file.".".$i,$log_file.".".($i+1));
- $i=$i-1;
- }
- #rotate current log
- if (file_exists("$log_file"))
- rename ($log_file,$log_file.".0");
+
+ // remove .10 rotate log file
+ unlink_if_exists("{$log_file}.10");
+ // rotate logs from 9 to 0
+ $i = 9;
+ while ($i >= 0) {
+ if (file_exists("{$log_file}.{$i}")) {
+ rename("{$log_file}.{$i}", "{$log_file}" . ($i + 1));
+ }
+ $i = $i - 1;
+ }
+ // rotate current log
+ if (file_exists("$log_file")) {
+ rename("{$log_file}", "{$log_file}.0");
+ }
}
-function run_sarg($id=-1) {
- global $config, $g,$sarg_proxy;
- #mount filesystem writeable
+
+function run_sarg($id = -1) {
+ global $config, $g, $sarg_proxy;
+ // mount filesystem writeable
conf_mount_rw();
- $cmd = SARG_DIR . "/bin/sarg";
- if ($id >= 0 && is_array($config['installedpackages']['sargschedule']['config'])){
- $args=$config['installedpackages']['sargschedule']['config'][$id]['args'];
- $action=$config['installedpackages']['sargschedule']['config'][$id]['action'];
- $gzip=$config['installedpackages']['sargschedule']['config'][$id]['gzip'];
- $find=$config['installedpackages']['sargschedule']['config'][$id]['find'];
- $gziplevel=$config['installedpackages']['sargschedule']['config'][$id]['gziplevel'];
- $daylimit=$config['installedpackages']['sargschedule']['config'][$id]['daylimit'];
- }
- else{
- $args=$_POST['args'];
- $action=$_POST['action'];
- $gzip=$_POST['gzip'];
- $find=$_POST['find'];
- $gziplevel=$_POST['gziplevel'];
- $daylimit="";
- }
- $find=(preg_match("/(\d+)/",$find,$find_matches) ? $find_matches[1] : "60");
+ $cmd = SARG_DIR . "/bin/sarg";
+ if ($id >= 0 && is_array($config['installedpackages']['sargschedule']['config'])) {
+ $args = $config['installedpackages']['sargschedule']['config'][$id]['args'];
+ $action = $config['installedpackages']['sargschedule']['config'][$id]['action'];
+ $gzip = $config['installedpackages']['sargschedule']['config'][$id]['gzip'];
+ $find = $config['installedpackages']['sargschedule']['config'][$id]['find'];
+ $gziplevel = $config['installedpackages']['sargschedule']['config'][$id]['gziplevel'];
+ $daylimit = $config['installedpackages']['sargschedule']['config'][$id]['daylimit'];
+ } else {
+ $args = $_POST['args'];
+ $action = $_POST['action'];
+ $gzip = $_POST['gzip'];
+ $find = $_POST['find'];
+ $gziplevel = $_POST['gziplevel'];
+ $daylimit = "";
+ }
+ $find = (preg_match("/(\d+)/", $find, $find_matches) ? $find_matches[1] : "60");
log_error("Sarg: force refresh now with {$args} args, compress({$gzip}) and {$action} action after sarg finish.");
- $gzip_script="#!/bin/sh\n";
- if ($gzip=="on"){
- #remove old file if exists
+ $gzip_script = "#!/bin/sh\n";
+ if ($gzip == "on") {
+ // remove old file if exists
unlink_if_exists("/root/sarg_run_{$id}.sh");
- $gzip_script.=<<<EOF
+ $gzip_script .= <<<EOF
for a in `/usr/bin/find /usr/local/sarg-reports -cmin -{$find} -type d -mindepth 1 -maxdepth 1`
do
echo \$a
-/usr/bin/find \$a -name "*html" | xargs gzip {$gziplevel}
+/usr/bin/find \$a -name "*html" | /usr/bin/xargs gzip {$gziplevel}
done
-
+
EOF;
- }
- if (preg_match("/(\d+)/",$daylimit,$day_matches)){
- $gzip_script.=<<<EOF
+ }
+ if (preg_match("/(\d+)/", $daylimit, $day_matches)) {
+ $gzip_script .= <<<EOF
for a in `/usr/bin/find /usr/local/sarg-reports -ctime +{$find} -type d -mindepth 1 -maxdepth 1`
do
echo \$a
-rm -rf \$a
+/bin/rm -rf \$a
done
-
+
EOF;
}
- #create a new file to speedup find search
- file_put_contents("/root/sarg_run_{$id}.sh",$gzip_script,LOCK_EX);
- mwexec("export LC_ALL=C && " .$cmd. " ".$args);
- #check if there is a script to run after file save
- if (is_array($config['installedpackages']['sarg']))
- switch ($config['installedpackages']['sarg']['config'][0]['proxy_server']){
+ // create a new file to speedup find search
+ file_put_contents("/root/sarg_run_{$id}.sh", $gzip_script, LOCK_EX);
+ mwexec("export LC_ALL=C && " . $cmd . " " . $args);
+ // check if there is a script to run after file save
+ if (is_array($config['installedpackages']['sarg'])) {
+ switch ($config['installedpackages']['sarg']['config'][0]['proxy_server']) {
case "squidguard":
- if ($action =="both" || $action=="rotate"){
- log_error('executing squidguard log rotate after sarg.');
+ if ($action == "both" || $action == "rotate") {
+ log_error('Executing squidguard log rotate after sarg.');
log_rotate($sarg_proxy['squidguard_block_log']);
- file_put_contents($sarg_proxy['squidguard_block_log'],"",LOCK_EX);
- chown($sarg_proxy['squidguard_block_log'],'proxy');
- chgrp($sarg_proxy['squidguard_block_log'],'proxy');
+ file_put_contents($sarg_proxy['squidguard_block_log'], "", LOCK_EX);
+ chown($sarg_proxy['squidguard_block_log'], 'proxy');
+ chgrp($sarg_proxy['squidguard_block_log'], 'proxy');
mwexec(SQUID_DIR . '/sbin/squid -k reconfigure');
- }
- #leave this case without break to run squid rotate too.
+ }
+ // leave this case without break to run squid rotate too.
case "squid":
- if ($action =="both" || $action=="rotate"){
- log_error('executing squid log rotate after sarg.');
+ if ($action == "both" || $action == "rotate") {
+ log_error('Executing squid log rotate after sarg.');
mwexec(SQUID_DIR . '/sbin/squid -k rotate');
+ }
+ if ($action == "both" || $action=="restart") {
+ if (file_exists($sarg_proxy['squid_rc'])) {
+ mwexec_bg($sarg_proxy['squid_rc'] . ' restart');
}
- if ($action =="both" || $action=="restart"){
- if (file_exists($sarg_proxy['squid_rc']))
- mwexec_bg($sarg_proxy['squid_rc'].' restart');
- }
+ }
break;
case "dansguardian":
- if (preg_match('/\w+/',$action) && $action !="none"){
+ if (preg_match('/\w+/', $action) && $action != "none") {
log_rotate($sarg_proxy['dansguardian_log']);
- log_error('restarting dansguardian after sarg and log rotate.');
+ log_error('Restarting dansguardian after sarg and log rotate.');
mwexec('/usr/bin/killall -HUP dansguardian');
- }
+ }
break;
}
- #check compress option
- if ($gzip=="on")
+ }
+ // check compress option
+ if ($gzip == "on") {
mwexec_bg("/bin/sh /root/sarg_run_{$id}.sh");
-
- #mount filesystem readonly
+ }
+ // mount filesystem readonly
conf_mount_ro();
}
function sync_package_sarg() {
- global $config, $g,$sarg_proxy;
-
- # detect boot process
- if (is_array($_POST)){
- if (!preg_match("/\w+/",$_POST['__csrf_magic']))
+ global $config, $g, $sarg_proxy;
+
+ // detect boot process
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
return;
+ }
+ } elseif ($g['booting']) {
+ return;
}
- #check pkg.php sent a sync request
-
-
- $update_conf=0;
- #mount filesystem writeable
+
+ // check pkg.php sent a sync request
+ $update_conf = 0;
+ // mount filesystem writeable
conf_mount_rw();
- if (!is_array($config['installedpackages']['sarg']['config']))
- $config['installedpackages']['sarg']['config'][0]=array('report_options'=>'use_graphs,remove_temp_files,main_index,use_comma,date_time_by_bytes',
- 'report_type'=>'topusers,topsites,sites_users,users_sites,date_time,denied,auth_failures,site_user_time_date,downloads',
- 'report_type'=>'u',
- 'report_charset'=>'UTF-8',
- 'topuser_num'=>'0',
- 'authfail_report_limit'=>'0',
- 'denied_report_limit'=>'0',
- 'user_report_limit' =>'0',
- 'lastlog'=> '0',
- 'max_elapsed'=> '0');
- $sarg=$config['installedpackages']['sarg']['config'][0];
- if (!is_array($config['installedpackages']['sarguser']['config']))
- $config['installedpackages']['sarguser']['config'][0]=array('user_sort_field'=>'BYTES',
- 'exclude_userlist'=> $sarg['exclude_userlist'],
- 'include_userlist'=> $sarg['include_userlist'],
- 'usertab'=>$sarg['usertab'],
- 'ldap_filter_search'=> '(uid=%s)',
- 'ldap_target_attr'=> 'cn',
- 'ldap_port'=> '389',
- 'ntlm_user_format'=>'domainname+username');
- $sarguser=$config['installedpackages']['sarguser']['config'][0];
- $access_log=$sarg['proxy_server'];
- switch ($sarg['proxy_server']){
+ if (!is_array($config['installedpackages']['sarg']['config'])) {
+ $config['installedpackages']['sarg']['config'][0]['report_options'] = 'use_graphs,remove_temp_files,main_index,use_comma,date_time_by_bytes';
+ $config['installedpackages']['sarg']['config'][0]['report_type'] = 'topusers,topsites,sites_users,users_sites,date_time,denied,auth_failures,site_user_time_date,downloads';
+ $config['installedpackages']['sarg']['config'][0]['report_date_format'] = 'u';
+ $config['installedpackages']['sarg']['config'][0]['report_charset'] = 'UTF-8';
+ $config['installedpackages']['sarg']['config'][0]['topuser_num'] = '0';
+ $config['installedpackages']['sarg']['config'][0]['authfail_report_limit'] = '0';
+ $config['installedpackages']['sarg']['config'][0]['denied_report_limit'] = '0';
+ $config['installedpackages']['sarg']['config'][0]['user_report_limit'] = '0';
+ $config['installedpackages']['sarg']['config'][0]['lastlog'] = '0';
+ $config['installedpackages']['sarg']['config'][0]['max_elapsed'] = '0';
+ }
+ $sarg = $config['installedpackages']['sarg']['config'][0];
+ if (!is_array($config['installedpackages']['sarguser']['config'])) {
+ $config['installedpackages']['sarguser']['config'][0]['user_sort_field'] = 'BYTES';
+ $config['installedpackages']['sarguser']['config'][0]['exclude_userlist'] = $sarg['exclude_userlist'];
+ $config['installedpackages']['sarguser']['config'][0]['include_userlist'] = $sarg['include_userlist'];
+ $config['installedpackages']['sarguser']['config'][0]['usertab'] = $sarg['usertab'];
+ $config['installedpackages']['sarguser']['config'][0]['ldap_filter_search'] = '(uid=%s)';
+ $config['installedpackages']['sarguser']['config'][0]['ldap_target_attr'] = 'cn';
+ $config['installedpackages']['sarguser']['config'][0]['ldap_port'] = '389';
+ $config['installedpackages']['sarguser']['config'][0]['ntlm_user_format'] = 'domainname+username';
+ }
+ $sarguser = $config['installedpackages']['sarguser']['config'][0];
+ $access_log = $sarg['proxy_server'];
+ switch ($sarg['proxy_server']) {
case 'dansguardian':
- $access_log= $sarg_proxy['dansguardian_log'];
- $dansguardian_conf=$sarg_proxy['dansguardian_config'];
- $dansguardian_filter_out_date="dansguardian_filter_out_date on";
- $squidguard_conf='squidguard_conf none';
- break;
+ $access_log = $sarg_proxy['dansguardian_log'];
+ $dansguardian_conf = $sarg_proxy['dansguardian_config'];
+ $dansguardian_filter_out_date = "dansguardian_filter_out_date on";
+ $squidguard_conf = 'squidguard_conf none';
+ break;
case 'squidguard':
- $squidguard_conf='squidguard_conf '.$sarg_proxy['squidguard_config'];
- $redirector_log_format='redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#';
- #Leve this case without break to include squid log file on squidguard option
+ $squidguard_conf = 'squidguard_conf ' . $sarg_proxy['squidguard_config'];
+ $redirector_log_format = 'redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#';
+ // leave this case without break to include squid log file on squidguard option
case 'squid':
- $access_log= $sarg_proxy['squid_config'];
- if (is_array($config['installedpackages']['squid']['config']))
- if (file_exists($config['installedpackages']['squid']['config'][0]['log_dir']. '/access.log'))
- $access_log = $config['installedpackages']['squid']['config'][0]['log_dir']. '/access.log';
- break;
- }
- if (!file_exists($access_log) && $access_log !=""){
- $error="Sarg config error: ".$sarg['proxy_server']." log file ($access_log) does not exists";
+ $access_log = $sarg_proxy['squid_config'];
+ if (is_array($config['installedpackages']['squid']['config'])) {
+ if (file_exists($config['installedpackages']['squid']['config'][0]['log_dir'] . '/access.log')) {
+ $access_log = $config['installedpackages']['squid']['config'][0]['log_dir'] . '/access.log';
+ }
+ }
+ break;
+ }
+ if (!file_exists($access_log) && $access_log !="") {
+ $error = "Sarg config error: " . $sarg['proxy_server'] . " log file ($access_log) does not exists";
log_error($error);
file_notice("Sarg", $error, "Sarg Settings", "");
}
-
- #general tab
- $graphs=(preg_match('/use_graphs/',$sarg['report_options'])?"yes":"no");
- $anonymous_output_files=(preg_match('/anonymous_output_files/',$sarg['report_options'])?"yes":"no");
- $resolve_ip=(preg_match('/resolve_ip/',$sarg['report_options'])?"yes":"no");
- $user_ip=(preg_match('/user_ip/',$sarg['report_options'])?"yes":"no");
- $sort_order=(preg_match('/user_sort_field_order/',$sarg['report_options'])?"reverse":"normal");
- $remove_temp_files=(preg_match('/remove_temp_files/',$sarg['report_options'])?"yes":"no");
- $main_index=(preg_match('/main_index/',$sarg['report_options'])?"yes":"no");
- $index_tree=(preg_match('/index_tree/',$sarg['report_options'])?"file":"date");
- $overwrite_report=(preg_match('/overwrite_report/',$sarg['report_options'])?"yes":"no");
- $use_comma=(preg_match('/use_comma/',$sarg['report_options'])?"yes":"no");
- $long_url=(preg_match('/long_url/',$sarg['report_options'])?"yes":"no");
- $privacy=(preg_match('/privacy/',$sarg['report_options'])?"yes":"no");
- $displayed_values=(preg_match('/displayed_values/',$sarg['report_options'])?"abbreviation":"bytes");
- $bytes_in_sites_users_report=(preg_match('/bytes_in_sites_users_report/',$sarg['report_options'])?"yes":"no");
- $date_time_by=(preg_match('/date_time_by_bytes/',$sarg['report_options'])?"bytes":"");
- $date_time_by.=(preg_match('/date_time_by_elap/',$sarg['report_options'])?" elap":"");
- if(empty($date_time_by))
- $date_time_by="bytes";
- $date_format=(preg_match("/\w/",$sarg['report_date_format'])?$sarg['report_date_format']:"u");
- $report_type=preg_replace('/,/',' ',$sarg['report_type']);
- $report_charset=(empty($sarg['report_charset'])?"UTF-8":$sarg['report_charset']);
- $exclude_string=(empty($sarg['exclude_string'])?"":'exclude_string "'.$sarg['exclude_string'].'"');
-
- #limits
- $max_elapsed=(empty($sarg['max_elapsed'])?"0":$sarg['max_elapsed']);
- $lastlog=(empty($sarg['lastlog'])?"0":$sarg['lastlog']);
- $topuser_num=(empty($sarg['topuser_num'])?"0":$sarg['topuser_num']);
- $authfail_report_limit=(empty($sarg['authfail_report_limit'])?"0":$sarg['authfail_report_limit']);
- $denied_report_limit=(empty($sarg['denied_report_limit'])?"0":$sarg['denied_report_limit']);
- $report_limit=(empty($sarg['user_report_limit'])?"0":$sarg['user_report_limit']);
- $user_report_limit = "siteusers_report_limit ".$report_limit."\n";
- $user_report_limit .= "user_report_limit ".$report_limit."\n";
- if(preg_match("/(squidguard|dansguardian)/",$sarg['proxy_server'])){
- $user_report_limit .= $sarg['proxy_server']."_report_limit ".$report_limit."\n";
- }
-
- #user tab
- $ntlm_user_format=(empty($sarguser['ntlm_user_format'])?'domainname+username':$sarguser['ntlm_user_format']);
- if(!empty($sarguser['include_userlist']))
- $include_users="$include_users ".$sarguser['include_userlist'];
-
- if(empty($sarguser['usertab'])){
+
+ // general tab
+ $graphs = (preg_match('/use_graphs/', $sarg['report_options']) ? "yes" : "no");
+ $anonymous_output_files = (preg_match('/anonymous_output_files/', $sarg['report_options']) ? "yes" : "no");
+ $resolve_ip = (preg_match('/resolve_ip/', $sarg['report_options']) ? "yes" : "no");
+ $user_ip = (preg_match('/user_ip/', $sarg['report_options']) ? "yes" : "no");
+ $sort_order = (preg_match('/user_sort_field_order/', $sarg['report_options']) ? "reverse" : "normal");
+ $remove_temp_files = (preg_match('/remove_temp_files/', $sarg['report_options']) ? "yes" : "no");
+ $main_index = (preg_match('/main_index/', $sarg['report_options']) ? "yes" : "no");
+ $index_tree = (preg_match('/index_tree/', $sarg['report_options']) ? "file" : "date");
+ $overwrite_report = (preg_match('/overwrite_report/', $sarg['report_options']) ? "yes" : "no");
+ $use_comma = (preg_match('/use_comma/', $sarg['report_options']) ? "yes" : "no");
+ $long_url = (preg_match('/long_url/', $sarg['report_options']) ? "yes" : "no");
+ $privacy = (preg_match('/privacy/', $sarg['report_options']) ? "yes" : "no");
+ $displayed_values = (preg_match('/displayed_values/', $sarg['report_options']) ? "abbreviation" : "bytes");
+ $bytes_in_sites_users_report = (preg_match('/bytes_in_sites_users_report/', $sarg['report_options']) ? "yes" : "no");
+ $date_time_by = (preg_match('/date_time_by_bytes/', $sarg['report_options']) ? "bytes" : "");
+ $date_time_by .= (preg_match('/date_time_by_elap/', $sarg['report_options']) ? " elap" : "");
+ if (empty($date_time_by)) {
+ $date_time_by = "bytes";
+ }
+ $date_format = (preg_match("/\w/", $sarg['report_date_format']) ? $sarg['report_date_format'] : "u");
+ $report_type = preg_replace('/,/', ' ', $sarg['report_type']);
+ $report_charset = $sarg['report_charset'] ?: "UTF-8";
+ $exclude_string = (empty($sarg['exclude_string']) ? "" : 'exclude_string "' . $sarg['exclude_string'] . '"');
+
+ // limits
+ $max_elapsed = $sarg['max_elapsed'] ?: "0";
+ $lastlog = $sarg['lastlog'] ?: "0";
+ $topuser_num = $sarg['topuser_num'] ?: "0";
+ $authfail_report_limit = $sarg['authfail_report_limit'] ?: "0";
+ $denied_report_limit = $sarg['denied_report_limit'] ?: "0";
+ $report_limit = $sarg['user_report_limit'] ?: "0";
+ $user_report_limit = "siteusers_report_limit " . $report_limit . "\n";
+ $user_report_limit .= "user_report_limit " . $report_limit . "\n";
+ if (preg_match("/(squidguard|dansguardian)/", $sarg['proxy_server'])) {
+ $user_report_limit .= $sarg['proxy_server'] . "_report_limit " . $report_limit . "\n";
+ }
+
+ // user tab
+ $ntlm_user_format = $sarguser['ntlm_user_format'] ?: 'domainname+username';
+ if (!empty($sarguser['include_userlist'])) {
+ $include_users = "$include_users " . $sarguser['include_userlist'];
+ }
+ if (empty($sarguser['usertab'])) {
$usertab="none";
- }
- else{
- $usertab= SARG_DIR . "/etc/sarg/usertab.conf";
- file_put_contents( SARG_DIR . '/etc/sarg/usertab.conf', sarg_text_area_decode($sarguser['usertab']),LOCK_EX);
- }
- if($sarguser['ldap_enable']){
- $usertab="ldap";
- $LDAPHost=(empty($sarguser['ldap_host'])?"":"LDAPHost ".$sarguser['ldap_host']);
- $LDAPort=(empty($sarguser['ldap_port'])?"":"LDAPPort ".$sarguser['ldap_port']);
- $LDAPBindDN=(empty($sarguser['ldap_bind_dn'])?"":"LDAPBindDN ".$sarguser['ldap_bind_dn']);
- $LDAPBindPW=(empty($sarguser['ldap_bind_pw'])?"":"LDAPBindPW ".$sarguser['ldap_bind_pw']);
- $LDAPBaseSearch=(empty($sarguser['ldap_base_search'])?"":"LDAPBaseSearch ".$sarguser['ldap_base_search']);
- $LDAPTargetAttr=(empty($sarguser['ldap_target_Attr'])?"":"LDAPTargetAttr ".$sarguser['ldap_target_Attr']);
- $LDAPFilterSearch=(empty($sarguser['ldap_filter_search'])?"":"LDAPFilterSearch ".$sarguser['ldap_filter_search']);
- }
-
-
- #move old reports
- if (is_dir("/usr/local/www/sarg-reports") && !is_dir("/usr/local/sarg-reports"))
+ } else {
+ $usertab = SARG_DIR . "/etc/sarg/usertab.conf";
+ file_put_contents(SARG_DIR . '/etc/sarg/usertab.conf', sarg_text_area_decode($sarguser['usertab']), LOCK_EX);
+ }
+ if ($sarguser['ldap_enable']) {
+ $usertab = "ldap";
+ $LDAPHost = (empty($sarguser['ldap_host']) ? "" : "LDAPHost " . $sarguser['ldap_host']);
+ $LDAPort = (empty($sarguser['ldap_port']) ? "" : "LDAPPort " . $sarguser['ldap_port']);
+ $LDAPBindDN = (empty($sarguser['ldap_bind_dn']) ? "" : "LDAPBindDN " . $sarguser['ldap_bind_dn']);
+ $LDAPBindPW = (empty($sarguser['ldap_bind_pw']) ? "" : "LDAPBindPW " . $sarguser['ldap_bind_pw']);
+ $LDAPBaseSearch = (empty($sarguser['ldap_base_search']) ? "" : "LDAPBaseSearch " . $sarguser['ldap_base_search']);
+ $LDAPTargetAttr = (empty($sarguser['ldap_target_Attr']) ? "" : "LDAPTargetAttr " . $sarguser['ldap_target_Attr']);
+ $LDAPFilterSearch = (empty($sarguser['ldap_filter_search']) ? "" : "LDAPFilterSearch " . $sarguser['ldap_filter_search']);
+ }
+
+ // move old reports
+ if (is_dir("/usr/local/www/sarg-reports") && !is_dir("/usr/local/sarg-reports")) {
rename("/usr/local/www/sarg-reports","/usr/local/sarg-reports");
+ }
+
+ // check dirs
+ $dirs = array("/usr/local/sarg-reports", "/usr/local/www/sarg-images", "/usr/local/www/sarg-images/temp");
+ foreach ($dirs as $dir) {
+ if (!is_dir($dir)) {
+ mkdir($dir, 0755, true);
+ }
+ }
- #check dirs
- $dirs=array("/usr/local/sarg-reports","/usr/local/www/sarg-images","/usr/local/www/sarg-images/temp");
- foreach ($dirs as $dir)
- if (!is_dir($dir))
- mkdir ($dir,0755,true);
-
- #images
- $simages=array("datetime.png","graph.png","sarg-squidguard-block.png","sarg.png");
- $simgdir1="/usr/local/www/sarg-images";
- $simgdir2= SARG_DIR . "/etc/sarg/images";
- foreach ($simages as $simage){
- if (!file_exists("{$simgdir1}/{$simage}"))
+ // images
+ $simages = array("datetime.png", "graph.png", "sarg-squidguard-block.png", "sarg.png");
+ $simgdir1 = "/usr/local/www/sarg-images";
+ $simgdir2 = SARG_DIR . "/etc/sarg/images";
+ foreach ($simages as $simage) {
+ if (!file_exists("{$simgdir1}/{$simage}")) {
copy("{$simgdir2}/{$simage}","{$simgdir1}/{$simage}");
+ }
}
-
- //log_error($_POST['__csrf_magic']." sarg log:". $access_log);
- #create sarg config files
- $sarg_dir= SARG_DIR;
+
+ // create sarg config files
+ $sarg_dir = SARG_DIR;
include("/usr/local/pkg/sarg.template");
- file_put_contents( SARG_DIR . "/etc/sarg/sarg.conf", $sg, LOCK_EX);
- file_put_contents( SARG_DIR . '/etc/sarg/exclude_hosts.conf', sarg_text_area_decode($sarg['exclude_hostlist']),LOCK_EX);
- file_put_contents( SARG_DIR . '/etc/sarg/exclude_codes', sarg_text_area_decode($sarg['exclude_codelist']),LOCK_EX);
- file_put_contents( SARG_DIR . '/etc/sarg/hostalias',sarg_text_area_decode($sarg['hostalias']),LOCK_EX);
- file_put_contents( SARG_DIR . '/etc/sarg/exclude_users.conf', sarg_text_area_decode($sarguser['exclude_userlist']),LOCK_EX);
- #check cron_tab
- $new_cron=array();
- $cron_found=0;
- if (is_array($config['cron']['item']))
- foreach($config['cron']['item'] as $cron){
- if (preg_match("/usr.local.www.sarg.php/",$cron["command"]))
+ file_put_contents(SARG_DIR . "/etc/sarg/sarg.conf", $sg, LOCK_EX);
+ file_put_contents(SARG_DIR . '/etc/sarg/exclude_hosts.conf', sarg_text_area_decode($sarg['exclude_hostlist']), LOCK_EX);
+ file_put_contents(SARG_DIR . '/etc/sarg/exclude_codes', sarg_text_area_decode($sarg['exclude_codelist']), LOCK_EX);
+ file_put_contents(SARG_DIR . '/etc/sarg/hostalias',sarg_text_area_decode($sarg['hostalias']), LOCK_EX);
+ file_put_contents(SARG_DIR . '/etc/sarg/exclude_users.conf', sarg_text_area_decode($sarguser['exclude_userlist']), LOCK_EX);
+
+ // check cron_tab
+ // TODO: Redo this mess to use install_cron_job() instead
+ $new_cron = array();
+ $cron_found = 0;
+ if (is_array($config['cron']['item'])) {
+ foreach($config['cron']['item'] as $cron) {
+ if (preg_match("/usr.local.www.sarg.php/", $cron["command"])) {
$cron_found++;
- else
- $new_cron['item'][]=$cron;
+ } else {
+ $new_cron['item'][] = $cron;
}
+ }
$cron_cmd="/usr/local/bin/php --no-header /usr/local/www/sarg.php";
- $sarg_schedule_id=0;
- if (is_array($config['installedpackages']['sargschedule']['config']))
- foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule){
- if(preg_match('/(\d+)m/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){
- $new_cron['item'][]=array( "minute" => "*/".$matches[1],
- "hour" => "*",
- "mday" => "*",
- "month" => "*",
- "wday" => "*",
- "who" => "root",
- "command"=> $cron_cmd." ".$sarg_schedule_id);
- $config['cron']=$new_cron;
+ $sarg_schedule_id = 0;
+ if (is_array($config['installedpackages']['sargschedule']['config'])) {
+ foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule) {
+ if (preg_match('/(\d+)m/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) {
+ $new_cron['item'][] = array("minute" => "*/" . $matches[1],
+ "hour" => "*",
+ "mday" => "*",
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command" => $cron_cmd . " " . $sarg_schedule_id);
+ $config['cron'] = $new_cron;
$cron_found++;
- }
- if(preg_match('/(\d+)h/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){
- $new_cron['item'][]=array( "minute" => "0",
- "hour" => "*/".$matches[1],
- "mday" => "*",
- "month" => "*",
- "wday" => "*",
- "who" => "root",
- "command"=> $cron_cmd." ".$sarg_schedule_id);
- $config['cron']=$new_cron;
+ }
+ if (preg_match('/(\d+)h/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) {
+ $new_cron['item'][] = array("minute" => "0",
+ "hour" => "*/" . $matches[1],
+ "mday" => "*",
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command" => $cron_cmd . " " . $sarg_schedule_id);
+ $config['cron'] = $new_cron;
$cron_found++;
- }
- if(preg_match('/(\d+)d/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){
- $new_cron['item'][]=array( "minute" => "0",
- "hour" => "0",
- "mday" => "*/".$matches[1],
- "month" => "*",
- "wday" => "*",
- "who" => "root",
- "command"=> $cron_cmd." ".$sarg_schedule_id);
+ }
+ if (preg_match('/(\d+)d/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) {
+ $new_cron['item'][] = array("minute" => "0",
+ "hour" => "0",
+ "mday" => "*/" . $matches[1],
+ "month" => "*",
+ "wday" => "*",
+ "who" => "root",
+ "command"=> $cron_cmd . " " . $sarg_schedule_id);
$config['cron']=$new_cron;
$cron_found++;
- }
- $sarg_schedule_id++;
- }
+ }
+ $sarg_schedule_id++;
+ }
+ }
- #update cron
- if ($cron_found > 0){
- $config['cron']=$new_cron;
- write_config();
- configure_cron();
+ // update cron
+ if ($cron_found > 0) {
+ $config['cron'] = $new_cron;
+ write_config();
+ configure_cron();
}
- #Write config if any file from filesystem was loaded
- if ($update_conf > 0)
+ }
+
+ // write config if any file from filesystem was loaded
+ if ($update_conf > 0) {
write_config();
-
- #mount filesystem readonly
+ }
+
+ // mount filesystem readonly
conf_mount_ro();
-
+
sarg_sync_on_changes();
}
function sarg_validate_input($post, &$input_errors) {
- global $config,$g;
+ global $config, $g;
foreach ($post as $key => $value) {
- if (empty($value))
+ if (empty($value)) {
continue;
- # check dansguardian
- if (substr($key, 0, 12) == "proxy_server" && $value == "dansguardian"){
- if (is_array($config['installedpackages']['dansguardianlog'])){
- if ($config['installedpackages']['dansguardianlog']['config'][0]['logfileformat']!=3){
- $input_errors[]='Sarg is only compatible with dansguardian log squid mode';
- $input_errors[]='Please change it on service -> dansguarian -> report and log -> log file format';
+ }
+ // check dansguardian
+ if (substr($key, 0, 12) == "proxy_server" && $value == "dansguardian") {
+ if (is_array($config['installedpackages']['dansguardianlog'])) {
+ if ($config['installedpackages']['dansguardianlog']['config'][0]['logfileformat'] != 3) {
+ $input_errors[] = 'Sarg is only compatible with dansguardian squid mode log';
+ $input_errors[] = 'Please change it on Services -> Dansguardian -> Report and log -> Log file format';
}
- }
- else
+ } else {
$input_errors[]='dansguardian package not detected';
}
+ }
# check squidguard
if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard")
if (!is_array($config['installedpackages']['squidguardgeneral']))
$input_errors[]='squidguard package not detected';
- # check squid
- if (substr($key, 0, 5) == "proxy_server" && $value == "squid"){
- if (is_array($config['installedpackages']['squid']))
- if (!$config['installedpackages']['squid']['log_enabled'])
+ # check squid
+ if (substr($key, 0, 5) == "proxy_server" && $value == "squid") {
+ if (is_array($config['installedpackages']['squid'])) {
+ if (!$config['installedpackages']['squid']['log_enabled']) {
$input_errors[]='squidlogs not enabled';
- else
- $input_errors[]='squid package not installed';
}
-
- if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value))
- $input_errors[] = "Do not use special characters on description";
- if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value))
- $input_errors[] = "Do not use special characters on filename";
- #check cron option
- if($key == "frequency" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0))
- $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'";
+ } else {
+ $input_errors[]='squid package not installed';
+ }
+ }
+
+ if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value)) {
+ $input_errors[] = "Do not use special characters in description";
+ }
+ if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value)) {
+ $input_errors[] = "Do not use special characters in filename";
+ }
+ // check cron option
+ if ($key == "frequency" && (!preg_match("/^\d+(h|m|d)$/", $value) || $value == 0)) {
+ $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'";
+ }
}
}
/* Uses XMLRPC to synchronize the changes to a remote node */
function sarg_sync_on_changes() {
global $config, $g;
- if (is_array($config['installedpackages']['sargsync']['config'])){
- $sarg_sync=$config['installedpackages']['sargsync']['config'][0];
+ if (is_array($config['installedpackages']['sargsync']['config'])) {
+ $sarg_sync = $config['installedpackages']['sargsync']['config'][0];
$synconchanges = $sarg_sync['synconchanges'];
$synctimeout = $sarg_sync['synctimeout'];
- switch ($synconchanges){
+ switch ($synconchanges) {
case "manual":
- if (is_array($sarg_sync[row])){
- $rs=$sarg_sync[row];
- }
- else{
+ if (is_array($sarg_sync[row])) {
+ $rs = $sarg_sync[row];
+ } else {
log_error("[sarg] xmlrpc sync is enabled but there is no hosts to push on sarg config.");
return;
- }
+ }
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['ipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['username']=$system_carp['username'];
- $rs[0]['password']=$system_carp['password'];
- if ($system_carp['synchronizetoip'] =="" || $system_carp['username']==""){
- log_error("[sarg] xmlrpc sync is enabled but there is no system backup hosts to push sarg config.");
- return;
- }
-
- }
- else{
- log_error("[sarg] xmlrpc sync is enabled but there is no system backup hosts to push sarg config.");
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
+ $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ if ($system_carp['synchronizetoip'] == "" || $system_carp['username'] == "") {
+ log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config.");
return;
}
- break;
+
+ } else {
+ log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config.");
+ return;
+ }
+ break;
default:
return;
break;
}
- if (is_array($rs)){
+ if (is_array($rs)) {
log_error("[sarg] xmlrpc sync is starting.");
- foreach($rs as $sh){
+ foreach($rs as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
- if($sh['username'])
+ if ($sh['username']) {
$username = $sh['username'];
- else
+ } else {
$username = 'admin';
- if($password && $sync_to_ip)
+ }
+ if ($password && $sync_to_ip) {
sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
}
- log_error("[sarg] xmlrpc sync is ending.");
}
- }
+ log_error("[sarg] xmlrpc sync is ending.");
+ }
+ }
}
-/* Do the actual XMLRPC sync */
+/* do the actual XMLRPC sync */
function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
global $config, $g;
- if(!$username)
+ if (!$username) {
return;
-
- if(!$password)
+ }
+
+ if (!$password) {
return;
+ }
- if(!$sync_to_ip)
+ if (!$sync_to_ip) {
return;
-
- if(!$synctimeout)
- $synctimeout="150";
-
+ }
+
+ if (!$synctimeout) {
+ $synctimeout="250";
+ }
+
$xmlrpc_sync_neighbor = $sync_to_ip;
- if($config['system']['webgui']['protocol'] != "") {
+
+ if ($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
- }
- $port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http")
+ }
+ $port = $config['system']['webgui']['port'];
+ /* if port is empty, let's rely on the protocol selection */
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http") {
$port = "80";
- else
+ } else {
$port = "443";
- }
+ }
+ }
$synchronizetoip .= $sync_to_ip;
/* xml will hold the sections to sync */
@@ -547,22 +568,23 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
XML_RPC_encode($xml)
);
- /* set a few variables needed for sync code borrowed from filter.inc */
+ /* set a few variables needed for sync code */
$url = $synchronizetoip;
log_error("Beginning sarg XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- if($g['debug'])
+ if ($g['debug']) {
$cli->setDebug(1);
+ }
/* send our XMLRPC message and timeout after $synctimeout seconds */
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port}.";
log_error($error);
file_notice("sync_settings", $error, "sarg Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
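Review bot: In the `elseif ($resp->faultCode())` branch the message is sent a second time with debug on and `$resp` is overwritten, so the `$error` line calls `$resp->faultCode()` on the retry result without checking it. If the retry fails at transport level, `send()` can return a non-object (the `!$resp` test above relies on that), which would be a fatal error here. The resend also repeats the `pfsense.merge_installedpackages_section_xmlrpc` call on the peer, and the logged fault may not be the one that triggered the branch. Capture `$code = $resp->faultCode();` and `$text = $resp->faultString();` before `$cli->setDebug(1);` and build `$error` from those, or drop the resend. The same pattern is in the `pfsense.exec_php` hunk that follows; the function starts before this hunk and continues after it.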
@@ -571,27 +593,27 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
} else {
log_error("sarg XMLRPC sync successfully completed with {$url}:{$port}.");
}
-
+
/* tell sarg to reload our settings on the destionation sync host. */
$method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/sarg.inc');\n";
+ $execcmd = "require_once('/usr/local/pkg/sarg.inc');\n";
$execcmd .= "sync_package_sarg();";
/* assemble xmlrpc payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
-
+
log_error("sarg XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
- if(!$resp) {
+ if (!$resp) {
$error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
file_notice("sync_settings", $error, "sarg Settings Sync", "");
- } elseif($resp->faultCode()) {
+ } elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
$error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
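Review bot: `XML_RPC_encode($password)` puts the sync password in the request body in addition to `setCredentials($username, $password)`, and `$url` takes its scheme from `$config['system']['webgui']['protocol']` earlier in the function (outside this hunk), so with the GUI set to http both copies cross the network unencrypted. A logged warning before the send would at least make that visible, for example `if ($config['system']['webgui']['protocol'] != "https") { log_error("[sarg] XMLRPC sync to {$url} is not using https; credentials are sent unencrypted."); }`. The fault branch also re-sends this password-bearing message after `$cli->setDebug(1)`; whether the client's debug output includes the request body is not visible here and should be confirmed before leaving that resend in place.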
@@ -600,15 +622,6 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) {
} else {
log_error("sarg XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
-
-}
-
-function sarg_php_install_command() {
- sync_package_sarg();
-}
-
-function sarg_php_deinstall_command() {
- // reserved
}
?>
diff --git a/config/sarg/sarg.php b/config/sarg/sarg.php
index 98e6c426..7ac0d8aa 100644
--- a/config/sarg/sarg.php
+++ b/config/sarg/sarg.php
@@ -1,50 +1,45 @@
<?php
-/* $Id$ */
-/* ========================================================================== */
/*
- sarg.php
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
-
- All rights reserved.
-*/
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ sarg.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require_once("/etc/inc/util.inc");
require_once("/etc/inc/functions.inc");
require_once("/etc/inc/pkg-utils.inc");
require_once("/etc/inc/globals.inc");
require_once("/usr/local/pkg/sarg.inc");
-$uname=posix_uname();
-if ($uname['machine']=='amd64')
- ini_set('memory_limit', '250M');
+$uname = posix_uname();
+if ($uname['machine'] == 'amd64') {
+ ini_set('memory_limit', '250M');
+}
-if (preg_match ("/(\d+)/",$argv[1],$matches))
+if (preg_match("/(\d+)/", $argv[1], $matches)) {
run_sarg($matches[1]);
+}
-
-?> \ No newline at end of file
+?>
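Review bot: `preg_match("/(\d+)/", $argv[1], $matches)` is unanchored and reads `$argv[1]` without checking that it is set, so any argument that merely contains digits is accepted and its first digit run becomes the id passed to `run_sarg()`. Anchoring it, `if (isset($argv[1]) && preg_match('/^(\d+)$/', $argv[1], $matches)) {`, limits the input to exactly the schedule id that the cron entry built in sarg.inc appends. That cron command runs this script from `/usr/local/www`, so it is also worth confirming the file cannot be requested through the web server, since nothing in it checks how it was invoked.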
diff --git a/config/sarg/sarg.priv.inc b/config/sarg/sarg.priv.inc
index 4878c96e..d01066e2 100644
--- a/config/sarg/sarg.priv.inc
+++ b/config/sarg/sarg.priv.inc
@@ -4,7 +4,7 @@ global $priv_list;
$priv_list['page-status-sarg-reports'] = array();
$priv_list['page-status-sarg-reports']['name'] = "WebCfg - Status: Sarg reports";
-$priv_list['page-status-sarg-reports']['descr'] = "Allow access to sarg reports page.";
+$priv_list['page-status-sarg-reports']['descr'] = "Allow access to Sarg reports page.";
$priv_list['page-status-sarg-reports']['match'] = array();
$priv_list['page-status-sarg-reports']['match'][] = "sarg_reports.php*";
$priv_list['page-status-sarg-reports']['match'][] = "sarg_frame.php*";
diff --git a/config/sarg/sarg.template b/config/sarg/sarg.template
index abda925b..af08851c 100644
--- a/config/sarg/sarg.template
+++ b/config/sarg/sarg.template
@@ -1,8 +1,9 @@
<?php
/*
- sag.template
- part of the Dansguardian package for pfSense
- Copyright (C) 2012 Marcello Coutinho
+ sarg.template
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -25,11 +26,9 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
*/
-
-#create sarg.conf
- $sg=<<<EOF
+// create sarg.conf
+ $sg = <<<EOF
# sarg.conf
#
# TAG: access_log file
@@ -39,7 +38,7 @@
access_log {$access_log}
# TAG: graphs yes|no
-# Use graphics where is possible.
+# Use graphics where possible.
# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
#
graphs {$graphs}
@@ -52,37 +51,37 @@ graphs {$graphs}
#graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
# TAG: title
-# Especify the title for html page.
+# Specify the title for html page.
#
#title "Squid User Access Reports"
# TAG: font_face
-# Especify the font for html page.
+# Specify the font for html page.
#
#font_face Tahoma,Verdana,Arial
# TAG: header_color
-# Especify the header color
+# Specify the header color
#
#header_color darkblue
# TAG: header_bgcolor
-# Especify the header bgcolor
+# Specify the header bgcolor
#
#header_bgcolor blanchedalmond
# TAG: font_size
-# Especify the text font size
+# Specify the text font size
#
#font_size 9px
# TAG: header_font_size
-# Especify the header font size
+# Specify the header font size
#
#header_font_size 9px
# TAG: title_font_size
-# Especify the title font size
+# Specify the title font size
#
#title_font_size 11px
@@ -135,7 +134,7 @@ graphs {$graphs}
# TAG: password
# User password file used by Squid authentication scheme
-# If used, generate reports just for that users.
+# If used, generate reports just for those users.
#
#password none
@@ -153,7 +152,7 @@ output_dir /usr/local/sarg-reports
# TAG: anonymous_output_files yes/no
# Use anonymous file and directory names in the report. If it is set to
-# no (the default), the user id/ip/name is slightly mangled to create a
+# no (the default), the user ID/IP/name is slightly mangled to create a
# suitable file name to store the report of the user but the user's
# identity can easily be guessed from the mangled name. If this option is
# set, any file or directory belonging to the user is replaced by a short
@@ -169,12 +168,12 @@ anonymous_output_files {$anonymous_output_files}
#output_email none
# TAG: resolve_ip yes/no
-# Convert ip address to dns name
+# Convert IP address to DNS name
# sarg -n
resolve_ip {$resolve_ip}
# TAG: user_ip yes/no
-# Use Ip Address instead userid in reports.
+# Use IP address instead of userid in reports.
# sarg -p
user_ip {$user_ip}
@@ -192,22 +191,22 @@ user_sort_field {$sarguser['user_sort_field']} {$sort_order}
# TAG: exclude_users file
# users within the file will be excluded from reports.
-# you can use indexonly to have only index.html file.
+# You can use indexonly to have only index.html file.
#
exclude_users {$sarg_dir}/etc/sarg/exclude_users.conf
# TAG: exclude_hosts file
# Hosts, domains or subnets will be excluded from reports.
#
-# Eg.: 192.168.10.10 - exclude ip address only
-# 192.168.10.0/24 - exclude full C class
-# s1.acme.foo - exclude hostname only
-# *.acme.foo - exclude full domain name
+# Eg.: 192.168.10.10 - exclude this IP address only
+# 192.168.10.0/24 - exclude entire subnet
+# host1.example.com - exclude this hostname only
+# *.example.com - exclude entire domain
#
exclude_hosts {$sarg_dir}/etc/sarg/exclude_hosts.conf
# TAG: useragent_log file
-# useragent.log file patch to generate useragent report.
+# useragent.log file path to generate useragent report.
#
#useragent_log none
@@ -219,12 +218,12 @@ date_format {$date_format}
# TAG: per_user_limit file MB
# Saves userid on file if download exceed n MB.
-# This option allow you to disable user access if user exceed a download limit.
+# This option allows you to disable user access if user exceeds a download limit.
#
#per_user_limit none
# TAG: lastlog n
-# How many reports files must be kept in reports directory.
+# How many reports files will be kept in reports directory.
# The oldest report file will be automatically removed.
# 0 - no limit.
#
@@ -232,7 +231,7 @@ date_format {$date_format}
lastlog {$lastlog}
# TAG: remove_temp_files yes
-# Remove temporary files: geral, usuarios, top, periodo from root report directory.
+# Remove temporary files from root report directory.
#
remove_temp_files {$remove_temp_files}
@@ -254,8 +253,8 @@ index_tree {$index_tree}
#index_fields dirsize
# TAG: overwrite_report yes|no
-# yes - if report date already exist then will be overwrited.
-# no - if report date already exist then will be renamed to filename.n, filename.n+1
+# yes - if report date already exist it will be overwrited.
+# no - if report date already exist it will be renamed to filename.n, filename.n+1
#
overwrite_report {$overwrite_report}
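Review bot: The two rewritten `overwrite_report` comment lines still read `already exist it will be overwrited`. Since the commit is a wording clean-up, they should become `# yes - if a report for that date already exists, it will be overwritten.` and `# no - if a report for that date already exists, it will be renamed to filename.n, filename.n+1`. The same kind of leftover appears on added lines in later hunks of this file: `obtain usernames LDAP / Active Directory` (missing `from`) in the usertab hunk, `will be changes by privacy_string` in the privacy hunk, and `output the internal CSS it inline` in the external_css_file hunk. These comments appear to sit inside the heredoc opened at `$sg = <<<EOF`, whose end is outside this hunk, so they would end up in the generated sarg.conf that administrators read.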
@@ -263,13 +262,13 @@ overwrite_report {$overwrite_report}
# What can I do with records without user id (no authentication) in access.log file ?
#
# ignore - This record will be ignored.
-# ip - Use ip address instead. (default)
+# ip - Use IP address instead. (default)
# everybody - Use "everybody" instead.
#
#records_without_userid ip
# TAG: use_comma no|yes
-# Use comma instead point in reports.
+# Use comma instead of dot in reports.
# Eg.: use_comma yes => 23,450,110
# use_comma no => 23.450.110
#
@@ -283,7 +282,7 @@ use_comma {$use_comma}
# here.
#
# If you need too, you can use a shell script to process the content of /dev/stdin
-# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
+# (/dev/stdin is the mail_content passed by Sarg to the script) and call whatever
# command you like. It is not limited to mailing the report via SMTP.
#
# Don't forget to quote the command if necessary (i.e. if the path contains
@@ -297,17 +296,17 @@ use_comma {$use_comma}
#topsites_num 100
# TAG: topsites_sort_order CONNECT|BYTES|TIME A|D
-# Sort for topsites report, where A=Ascendent, D=Descendent
+# Sort for topsites report, where A=Ascending, D=Descending
#
#topsites_sort_order CONNECT D
# TAG: index_sort_order A/D
-# Sort for index.html, where A=Ascendent, D=Descendent
+# Sort for index.html, where A=Ascending, D=Descending
#
#index_sort_order D
# TAG: exclude_codes file
-# Ignore records with these codes. Eg.: NONE/400
+# Ignore records with these Squid return codes. Eg.: NONE/400
# Write one code per line. Lines starting with a # are ignored.
# Only codes matching exactly one of the line is rejected. The
# comparison is not case sensitive.
@@ -316,12 +315,12 @@ exclude_codes {$sarg_dir}/etc/sarg/exclude_codes
# TAG: replace_index string
# Replace "index.html" in the main index file with this string
-# If null "index.html" is used
+# If null, "index.html" is used
#
#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
# TAG: max_elapsed milliseconds
-# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
+# If elapsed time recorded in log is greater than max_elapsed, use 0 for elapsed time.
# Use 0 for no checking
#
#max_elapsed 28800000
@@ -330,7 +329,7 @@ max_elapsed {$max_elapsed}
# TAG: report_type type
# What kind of reports to generate.
-# topusers - users, sites, times, bytes, connects, links to accessed sites, etc
+# topusers - users, sites, times, bytes, connects, links to accessed sites, etc.
# topsites - site, connect and bytes report
# sites_users - users and sites report
# users_sites - accessed sites by the user report
@@ -346,12 +345,12 @@ max_elapsed {$max_elapsed}
report_type {$report_type}
# TAG: usertab filename
-# You can change the "userid" or the "ip address" to be a real user name on the reports.
-# If resolve_ip is active, the ip address is resolved before being looked up into this
-# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
-# the resolved name will be looked into the file instead of the ip address. Note that
-# it can be used to resolve any ip address known to the dns and then map the unresolved
-# ip addresses to a name found in the usertab file.
+# You can change the "userid" or the "IP address" to be a real user name on the reports.
+# If resolve_ip is active, the IP address is resolved before being looked up in this
+# file. That is, if you want to map the ip address, be sure to set resolve_ip to no or
+# the resolved name will be looked up in the file instead of the IP address. Note that
+# it can be used to resolve any IP address known to the DNS and then map the unresolved
+# IP addresses to a name found in the usertab file.
# Table syntax:
# userid name or ip address name
# Eg:
@@ -360,9 +359,9 @@ report_type {$report_type}
# 192.168.10.1 Karol Wojtyla
#
# Each line must be terminated with '\ n'
-# If usertab have value "ldap" (case ignoring), user names
-# will be taken from LDAP server. This method as approaches for reception
-# of usernames from Active Didectory
+# If usertab is set to value "ldap" (case ignored), user names
+# will be taken from LDAP server. Use this method to obtain usernames
+# LDAP / Active Directory.
#
#usertab none
usertab {$usertab}
@@ -380,34 +379,35 @@ usertab {$usertab}
{$LDAPPort}
# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
-# DN of LDAP user, who is authorized to read user's names from LDAP base
+# DN of the LDAP user who is authorized to the search the LDAP database
# default is empty line
#LDAPBindDN cn=proxy,dc=mydomain,dc=local
{$LDAPBindDN}
# TAG: LDAPBindPW secret
-# Password of DN, who is authorized to read user's names from LDAP base
+# Password for LDAPBindDN specified above.
# default is empty line
#LDAPBindPW secret
{$LDAPBindPW}
# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
-# LDAP search base
+# LDAP search base DN. The search base is the place in the hierarchical LDAP structure
+# where the search for user accounts starts.
# default is empty line
#LDAPBaseSearch ou=users,dc=mydomain,dc=local
{$LDAPBaseSearch}
# TAG: LDAPFilterSearch (uid=%s)
-# User search filter by user's logins in LDAP
+# Use this to filter the user login entries to be returned for a search operation in LDAP.
# First founded record will be used
# %s - will be changed to userlogins from access.log file
-# filter string can have up to 5 '%s' tags
+# Search filter string can have up to 5 '%s' tags.
# default value is '(uid=%s)'
#LDAPFilterSearch (uid=%s)
{$LDAPFilterSearch}
# TAG: LDAPTargetAttr attributename
-# Name of the attribute containing a name of the user
+# Name of the attribute containing the login name of the user.
# default value is 'cn'
#LDAPTargetAttr cn
{$LDAPTargetAttr}
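Review bot: The rewritten `LDAPBindPW` comment does not mention that the bind password is presumably written verbatim into the generated sarg.conf through `{$LDAPBindPW}`. A line such as `# Stored in clear text in this file; use a dedicated read-only bind account and keep this file unreadable to other users.` would tell the administrator what to protect. On the `LDAPBindDN` line, `authorized to the search the LDAP database` has a stray `the`. The new `LDAPTargetAttr` text says `login name`, but the login is what `%s` supplies to `LDAPFilterSearch` and the default target is `cn`, so this attribute presumably holds the display name. The old wording `a name of the user` looks closer and is worth checking against the Sarg documentation.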
@@ -431,15 +431,15 @@ date_time_by {$date_time_by}
# graphic character sets for writing in alphabetic languages
# You can use the following charsets:
# Latin1 - West European
-# Latin2 - East European
-# Latin3 - South European
-# Latin4 - North European
+# Latin2 - Central and East European
+# Latin3 - Southeast European
+# Latin4 - Scandinavian/Baltic
# Cyrillic
# Arabic
# Greek
# Hebrew
# Latin5 - Turkish
-# Latin6
+# Latin6 - Lappish/Nordic/Eskimo
# Windows-1251
# Japan
# Koi8-r
@@ -457,7 +457,7 @@ charset {$report_charset}
# privacy_string "***.***.***.***"
# privacy_string_color blue
# In some countries the sysadm cannot see the visited sites by a restrictive law.
-# Using privacy yes the visited url will be changes by privacy_string and the link
+# Using privacy 'yes', the visited url will be changes by privacy_string and the link
# will be removed from reports.
#
privacy {$privacy}
@@ -525,7 +525,7 @@ topuser_num {$topuser_num}
{$datafile_fields}
# TAG: datafile_url ip|name
-# Saves the URL as ip or name in datafile
+# Saves the URL as IP or name in datafile
#
#datafile_url ip
@@ -552,8 +552,8 @@ topuser_num {$topuser_num}
dansguardian_conf {$dansguardian_conf}
# TAG: dansguardian_filter_out_date on|off
-# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
-# Note the change of parameter value compared with the old option.
+# This option replaces dansguardian_ignore_date (its name was not appropriate with respect to its action).
+# Note the change of parameter value compared to the old option.
# 'off' use the record even if its date is outside of the range found in the input log file.
# 'on' use the record only if its date is in the range found in the input log file.
#
@@ -569,7 +569,7 @@ dansguardian_conf {$dansguardian_conf}
{$squidguard_conf}
# TAG: redirector_log file
-# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
+# The location of the web proxy redirector log, such as one created by squidGuard or Rejik. The option
# may be repeated up to 64 times to read multiple files.
# If this option is specified, it takes precedence over squidguard_conf.
# The command line option -L override this option.
@@ -577,9 +577,9 @@ dansguardian_conf {$dansguardian_conf}
#redirector_log /usr/local/squidGuard/var/logs/urls.log
# TAG: redirector_filter_out_date on|off
-# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
-# appropriate with respect to their action.
-# Note the change of parameter value compared with the old options.
+# This option replaces squidguard_ignore_date and redirector_ignore_date (their names were not
+# appropriate with respect to their actions).
+# Note the change of parameter value compared to the old options.
# 'off' use the record even if its date is outside of the range found in the input log file.
# 'on' use the record only if its date is in the range found in the input log file.
#
@@ -587,23 +587,23 @@ dansguardian_conf {$dansguardian_conf}
# TAG: redirector_log_format
# Format string for web proxy redirector logs.
-# This option was named squidguard_log_format before sarg 2.3.
+# This option was named squidguard_log_format before Sarg 2.3.
# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
{$redirector_log_format}
# TAG: show_sarg_info yes|no
-# shows sarg information and site path on each report bottom
+# shows Sarg information and site path on each report bottom
#
show_sarg_info no
# TAG: show_sarg_logo yes|no
-# shows sarg logo
+# shows Sarg logo
#
show_sarg_logo no
# TAG: parsed_output_log directory
-# Saves the processed log in a sarg format after parsing the squid log file.
+# Saves the processed log in a Sarg format after parsing the squid log file.
# This is a way to dump all of the data structures out, after parsing from
# the logs (presumably this data will be much smaller than the log files themselves),
# and pull them back in for later processing and merging with data from previous logs.
@@ -657,27 +657,27 @@ denied_report_limit {$denied_report_limit}
www_document_root /usr/local/www
# TAG: block_it module_url
-# This tag allow you to pass urls from user reports to a cgi or php module,
-# to be blocked by some Squid acl
+# This tag allows you to pass urls from user reports to a cgi or php module,
+# to be blocked by some Squid acl.
#
# Eg.: block_it /sarg-php/sarg-block-it.php
# sarg-block-it is a php that will append a url to a flat file.
# You must change /var/www/html/sarg-php/sarg-block-it to point to your file
-# in $filename variable, and chown to a httpd owner.
+# in $filename variable, and chown to the httpd owner.
#
-# sarg will pass http://module_url?url=url
+# Sarg will pass http://module_url?url=url
#
#block_it none
# TAG: external_css_file path
-# Provide the path to an external css file to link into the HTML reports instead of
-# the inline css written by sarg when this option is not set.
+# Provide the path to an external CSS file to link into the HTML reports instead of
+# the inline CSS written by sarg when this option is not set.
#
# In versions prior to 2.3, this used to be an absolute file name to
# a file to include verbatim in each HTML page but, as it takes a lot of
-# space, version 2.3 switched to a link to an external css file.
+# space, version 2.3 switched to a link to an external CSS file.
# Therefore, this option must contain the HTTP server path on which a client
-# browser may find the css file.
+# browser may find the CSS file.
#
# Sarg use theses style classes:
# .logo logo class
@@ -692,7 +692,7 @@ www_document_root /usr/local/www
# .data3 table text class, align:center
# .link link class
#
-# Sarg can be instructed to output the internal css it inline
+# Sarg can be instructed to output the internal CSS it inline
# into the reports with this command:
#
# sarg --css
@@ -721,8 +721,8 @@ www_document_root /usr/local/www
# TAG: ulimit n
# The maximum number of open file descriptors to avoid "Too many open files" error message.
-# You need to run sarg as root to use ulimit tag.
-# If you run sarg with a low privilege user, set to 'none' to disable ulimit
+# You need to run Sarg as root to use ulimit tag.
+# If you run Sarg with a low privilege user, set to 'none' to disable ulimit
#
#ulimit 20000
@@ -733,7 +733,7 @@ www_document_root /usr/local/www
ntlm_user_format {$ntlm_user_format}
# TAG: realtime_refresh_time num sec
-# How many time to auto refresh the realtime report
+# How many seconds between auto refresh of the realtime report.
# 0 = disable
#
realtime_refresh_time 0
@@ -775,24 +775,24 @@ realtime_unauthenticated_records show
# is at the root of your web site.
#
# If the path starts with "../" then it is assumed to be a relative
-# path and sarg adds as many "../" as necessary to locate the js script from
+# path and Sarg adds as many "../" as necessary to locate the js script from
# the output directory. Therefore, ../../sorttable.js links to the javascript
# one level above output_dir.
#
# If this entry is set, each sortable table will have the "sortable" class set.
# You may have a look at http://www.kryogenix.org/code/browser/sorttable/
-# for the implementation on which sarg is based.
+# for the implementation on which Sarg is based.
#
sorttable /sarg_sorttable.js
# TAG: hostalias
-# The name of a text file containing the host names one per line and the
+# The name of a text file containing the host names (one per line) and the
# optional alias to use in the report instead of that host name.
# Host names may contain up to one wildcard denoted by a *. The wildcard
-# must not end the host name.
-# The host name may be followed by an optional alias but if no alias is
-# provided, the host name, including the wildcard, replaces any matching
-# host name found in the log.
+# must not be at the end of the host name.
+# The host name may be followed by an optional alias; if no alias is provided,
+# the host name, including the wildcard, replaces any matching host name found
+# in the log.
# Host names replaced by identical aliases are grouped together in the
# reports.
# IP addresses are supported and accept the CIDR notation both for IPv4 and
diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml
index 9266d211..00da6470 100644
--- a/config/sarg/sarg.xml
+++ b/config/sarg/sarg.xml
@@ -1,116 +1,103 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- sarg.xml
- part of the sarg for pfSense
- Copyright (C) 2012-2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ sarg.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>sarg</name>
- <version>1.0</version>
+ <version>0.6.5</version>
<title>Status: Sarg Settings</title>
<include_file>/usr/local/pkg/sarg.inc</include_file>
<menu>
<name>Sarg Reports</name>
- <tooltiptext>Configure sarg</tooltiptext>
+ <tooltiptext>Configure Sarg</tooltiptext>
<section>Status</section>
<url>/pkg_edit.php?xml=sarg.xml</url>
</menu>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_schedule.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_users.xml</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_realtime.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_about.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_reports.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_frame.php</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg_sorttable.js</item>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg.template</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/sarg/sarg.priv.inc</item>
<prefix>/etc/inc/priv/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<tabs>
<tab>
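Review bot: Removing `<chmod>0755</chmod>` from all twelve `additional_files_needed` entries leaves the mode of the installed files to the package installer's default, which this hunk does not show. Dropping the executable bit is sensible for the .inc, .xml, .js and .template files, but it is worth confirming that the default is not group- or world-writable for files placed under `/usr/local/www/` and `/etc/inc/priv/`, or stating the mode explicitly, e.g. `<chmod>0644</chmod>`. Separately, `<version>` goes from `1.0` to `0.6.5`. If anything compares this field on upgrade it would see a lower version, so confirm that the installed-package version is taken from elsewhere.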
@@ -142,120 +129,133 @@
<text>Help</text>
<url>/sarg_about.php</url>
</tab>
-</tabs>
+ </tabs>
<fields>
<field>
<name>Report Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Proxy server</fielddescr>
+ <fielddescr>Proxy Server</fielddescr>
<fieldname>proxy_server</fieldname>
- <description><![CDATA[Select proxy server to read logs from]]></description>
- <type>select</type>
- <options>
+ <description>Select proxy server type to read logs from.</description>
+ <type>select</type>
+ <options>
<option><name>Dansguardian</name><value>dansguardian</value></option>
<option><name>Squidguard</name><value>squidguard</value></option>
<option><name>Squid</name><value>squid</value></option>
- </options>
+ </options>
</field>
<field>
<fielddescr>Report Options</fielddescr>
<fieldname>report_options</fieldname>
- <description><![CDATA[Sarg report options. Default values are in ( )<br>
- If you select any option, it will be enabled on conf file.<br>
- Use CTRL + click on this field]]></description>
- <type>select</type>
- <options>
- <option><name>Use graphics where is possible. (yes)</name><value>use_graphs</value></option>
+ <description>
+ <![CDATA[
+ Select Sarg report options. Default values are in ( )<br />
+ Use CTRL + click to (de)select multiple values.
+ ]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Use graphs where is possible. (yes)</name><value>use_graphs</value></option>
<option><name>Use anonymous file and directory names in the report. (no)</name><value>anonymous_output_files </value></option>
- <option><name>Convert ip address to dns name (no)</name><value>resolve_ip</value></option>
- <option><name>Use Ip Address instead userid in reports. (no)</name><value>user_ip</value></option>
- <option><name>Sort Fields in Reverse order (no)</name><value>user_sort_field_order</value></option>
- <option><name>Remove temporary files from root report directory (yes)</name><value>remove_temp_files</value></option>
+ <option><name>Convert IP address to DNS name (no)</name><value>resolve_ip</value></option>
+ <option><name>Use IP Address instead userid in reports. (no)</name><value>user_ip</value></option>
+ <option><name>Sort Fields in reverse order (no)</name><value>user_sort_field_order</value></option>
+ <option><name>Remove temporary files from root report directory (yes)</name><value>remove_temp_files</value></option>
<option><name>Generate the main index.html (yes)</name><value>main_index</value></option>
<option><name>Generate the index tree by file (yes)</name><value>index_tree</value></option>
<option><name>Overwrite report (no)</name><value>overwrite_report</value></option>
- <option><name>Use comma instead point in reports (yes)</name><value>use_comma</value></option>
- <option><name>Show full url in report (no)</name><value>long_url</value></option>
+ <option><name>Use comma instead of dot in reports (yes)</name><value>use_comma</value></option>
+ <option><name>Show full URL in report (no)</name><value>long_url</value></option>
<option><name>Privacy (no)</name><value>privacy</value></option>
- <option><name>Show Bytes in sites users reports(no)</name><value>bytes_in_sites_users_report</value></option>
- <option><name>Show values in reports using abbreviation (no)</name><value>displayed_values</value></option>
+ <option><name>Show bytes in sites users reports (no)</name><value>bytes_in_sites_users_report</value></option>
+ <option><name>Show abbreviated values in reports (no)</name><value>displayed_values</value></option>
<option><name>Show the downloaded volume on Date/Time reports (yes)</name><value>date_time_by_bytes</value></option>
- <option><name>Show the downloaded elapsed time on Date/Time reports (no)</name><value>date_time_by_elap</value></option>
- </options>
- <multiple/>
- <size>17</size>
+ <option><name>Show the elapsed time on Date/Time reports (no)</name><value>date_time_by_elap</value></option>
+ </options>
+ <multiple/>
+ <size>16</size>
</field>
<field>
- <fielddescr>Report to generate</fielddescr>
+ <fielddescr>Report To Generate</fielddescr>
<fieldname>report_type</fieldname>
- <description><![CDATA[Sarg report type. All are enabled by default<br>
- Use CTRL + click on this field]]></description>
- <type>select</type>
- <options>
- <option><name>topusers - users, sites, times, bytes, connects, links to accessed sites, etc</name><value>topusers</value></option>
- <option><name>topsites - site, connect and bytes report</name><value>topsites</value></option>
- <option><name>sites_users - users and sites report</name><value>sites_users</value></option>
- <option><name>users_sites - accessed sites by the user report</name><value>users_sites</value></option>
- <option><name>date_time - bytes used per day and hour report</name><value>date_time</value></option>
- <option><name>denied - denied sites with full URL report</name><value>denied</value></option>
- <option><name>auth_failures - autentication failures report</name><value>auth_failures</value></option>
+ <description>
+ <![CDATA[
+ Sarg report type. All types are enabled by default.<br />
+ Use CTRL + click to (de)select multiple values.
+ ]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>topusers - users, sites, times, bytes, connects, links to accessed sites, etc.</name><value>topusers</value></option>
+ <option><name>topsites - site, connect and bytes report</name><value>topsites</value></option>
+ <option><name>sites_users - users and sites report</name><value>sites_users</value></option>
+ <option><name>users_sites - sites accessed by the user report</name><value>users_sites</value></option>
+ <option><name>date_time - bytes used per day and hour report</name><value>date_time</value></option>
+ <option><name>denied - denied sites with full URL report</name><value>denied</value></option>
+ <option><name>auth_failures - autentication failures report</name><value>auth_failures</value></option>
<option><name>site_user_time_date - sites, dates, times and bytes report</name><value>site_user_time_date</value></option>
- <option><name>downloads - downloads per user report</name><value>downloads</value></option>
- </options>
- <multiple/>
- <size>10</size>
+ <option><name>downloads - downloads per user report</name><value>downloads</value></option>
+ </options>
+ <multiple/>
+ <size>9</size>
</field>
<field>
<fielddescr>Date Format</fielddescr>
<fieldname>report_date_format</fieldname>
- <description><![CDATA[Date format to use in reports.]]></description>
+ <description>Date format to use in reports.</description>
<type>select</type>
<options>
- <option><name>American mm/dd/yy (default)</name><value>u</value></option>
- <option><name>European dd/mm/yy</name><value>e</value></option>
- <option><name>Weekly yy.ww</name><value>w</value></option>
+ <option><name>American mm/dd/yy (default)</name><value>u</value></option>
+ <option><name>European dd/mm/yy</name><value>e</value></option>
+ <option><name>Weekly yy.ww</name><value>w</value></option>
</options>
+ <default_value>u</default_value>
</field>
<field>
- <fielddescr>Report charset</fielddescr>
+ <fielddescr>Report Charset</fielddescr>
<fieldname>report_charset</fieldname>
- <description><![CDATA[ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) graphic character sets for writing in alphabetic languages]]></description>
+ <description>Select character set for the reports.</description>
<type>select</type>
<options>
- <option><name>UTF-8 (Default)</name><value>UTF-8</value></option>
- <option><name>Latin1 - West European</name><value>Latin1</value></option>
- <option><name>Latin2 - East European</name><value>Latin2</value></option>
- <option><name>Latin3 - South European</name><value>Latin3</value></option>
- <option><name>Latin4 - North European</name><value>Latin4</value></option>
- <option><name>Latin5 - Turkish</name><value>Latin5</value></option>
- <option><name>Latin6</name><value>Latin6</value></option>
- <option><name>Cyrillic</name><value>Cyrillic</value></option>
- <option><name>Arabic</name><value>Arabic</value></option>
- <option><name>Greek</name><value>Greek</value></option>
- <option><name>Hebrew</name><value>Hebrew</value></option>
- <option><name>Windows-1251</name><value>Windows-1251</value></option>
- <option><name>Japan</name><value>Japan</value></option>
- <option><name>Koi8-r</name><value>Koi8-r</value></option>
+ <option><name>UTF-8 (default)</name><value>UTF-8</value></option>
+ <option><name>Latin1 - West European</name><value>Latin1</value></option>
+ <option><name>Latin2 - Central and East European</name><value>Latin2</value></option>
+ <option><name>Latin3 - Southeast European</name><value>Latin3</value></option>
+ <option><name>Latin4 - Scandinavian/Baltic</name><value>Latin4</value></option>
+ <option><name>Latin5 - Turkish</name><value>Latin5</value></option>
+ <option><name>Latin6 - Lappish/Nordic/Eskimo</name><value>Latin6</value></option>
+ <option><name>Cyrillic</name><value>Cyrillic</value></option>
+ <option><name>Arabic</name><value>Arabic</value></option>
+ <option><name>Greek</name><value>Greek</value></option>
+ <option><name>Hebrew</name><value>Hebrew</value></option>
+ <option><name>Windows-1251</name><value>Windows-1251</value></option>
+ <option><name>Japan</name><value>Japan</value></option>
+ <option><name>KOI8-R</name><value>Koi8-r</value></option>
</options>
+ <default_value>UTF-8</default_value>
</field>
<field>
<fielddescr>Host Aliases</fielddescr>
<fieldname>hostalias</fieldname>
- <description><![CDATA[The name of a text file containing the host names one per line and the optional alias to use in the report instead of that host name.<br>
- Host names may contain up to one wildcard denoted by a *. The wildcard must not end the host name.<br>
- The host name may be followed by an optional alias but if no alias is provided, the host name, including the wildcard, replaces any matching host name found in the log.<br>
- Host names replaced by identical aliases are grouped together in the reports.<br>
- IP addresses are supported and accept the CIDR notation both for IPv4 and IPv6 addresses.<br>
- Sample:<br>
- *.gstatic.com<br>
- mt*.google.com<br>
- *.myphone.microsoft.com<br>
- *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure<br>
- *.freeav.net antivirus:freeav<br>
- *.mail.live.com<br>
- 65.52.00.00/14 *.mail.live.com]]></description>
+ <description>
+ <![CDATA[
+ Host names (one per line) and the optional alias to use in the report instead of that host name.<br />
+ Host names may contain up to one wildcard denoted by a *. The wildcard must not be at the end of the host name.<br />
+ The host name may be followed by an optional alias; if no alias is provided, the host name, including the wildcard, replaces any matching host name found in the log.<br />
+ Host names replaced by identical aliases are grouped together in the reports.<br />
+ IP addresses are supported and accept the CIDR notation both for IPv4 and IPv6 addresses.<br /><br />
+ <strong>Examples:</strong><br />
+ *.gstatic.com<br />
+ mt*.google.com<br />
+ *.myphone.microsoft.com<br />
+ *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure<br />
+ *.freeav.net antivirus:freeav<br />
+ *.mail.live.com<br />
+ 65.52.00.00/14 *.mail.live.com
+ ]]>
+ </description>
<type>textarea</type>
<cols>70</cols>
<rows>10</rows>
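Review bot: The re-added `auth_failures` option label still reads `autentication failures report`; since this hunk already rewrites the neighbouring labels, it should become `auth_failures - authentication failures report`. The unchanged `anonymous_output_files ` option value carries a trailing space inside `<value>`. If the backend compares the stored value exactly, that option may never match, so it is worth confirming against the code that consumes `report_options`. `Use graphs where is possible` would also read better as `Use graphs where possible`.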
@@ -268,77 +268,107 @@
<field>
<fielddescr>Max Elapsed</fielddescr>
<fieldname>max_elapsed</fieldname>
- <description><![CDATA[If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.<br>
- Samples: 0 means no checking<br>
- 28800000 means 08 hours ]]></description>
- <type>input</type>
- <size>10</size>
+ <description>
+ <![CDATA[
+ If elapsed time recorded in log is greater than specified limit in milliseconds, use 0 for elapsed time.<br />
+ <strong>Examples:</strong> 0 means no checking; 28800000 means 8 hours.
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>0</default_value>
</field>
<field>
- <fielddescr>Reports list limits</fielddescr>
+ <fielddescr>Files Limits</fielddescr>
<fieldname>lastlog</fieldname>
- <description><![CDATA[How many reports files must be kept in reports directory.<br>
- The oldest report file will be automatically removed.0 means no limit.]]></description>
- <type>input</type>
- <size>10</size>
+ <description>
+ <![CDATA[
+ How many reports files will be be kept in reports directory. The oldest report file will be automatically removed.<br />
+ Default: 0 - means no limit.
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>0</default_value>
</field>
<field>
- <fielddescr>Reports days limits</fielddescr>
+ <fielddescr>Days Limits</fielddescr>
<fieldname>daylimit</fieldname>
- <description><![CDATA[How many days reports files must be kept in reports directory.<br>
- Older report file will be automatically removed.<br>
- Leave empty to do not remove old reports.]]></description>
- <type>input</type>
- <size>10</size>
+ <description>
+ <![CDATA[
+ Report files will be kept in reports directory for this many days. Report files older than limit will be automatically removed.<br />
+ Leave empty to not remove old reports.
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
</field>
<field>
<fielddescr>Top Users Limit</fielddescr>
<fieldname>topuser_num</fieldname>
- <description><![CDATA[How many users in topsites report. 0 = no limit]]></description>
- <type>input</type>
- <size>10</size>
+ <description>
+ <![CDATA[
+ How many users appear in topsites report.
+ Default: 0 - means no limit.
+ ]]>
+ </description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>0</default_value>
</field>
<field>
<fielddescr>Denied Limit</fielddescr>
<fieldname>denied_report_limit</fieldname>
- <description><![CDATA[0 means no limit.]]></description>
- <type>input</type>
- <size>10</size>
+ <description><![CDATA[Default: 0 - means no limit.]]></description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>0</default_value>
</field>
<field>
<fielddescr>AuthFail Limit</fielddescr>
<fieldname>authfail_report_limit</fieldname>
- <description><![CDATA[0 means no limit.]]></description>
- <type>input</type>
- <size>10</size>
+ <description><![CDATA[Default: 0 - means no limit.]]></description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>0</default_value>
</field>
<field>
- <fielddescr>User_report_limit</fielddescr>
+ <fielddescr>User Report Limit</fielddescr>
<fieldname>user_report_limit</fieldname>
- <description><![CDATA[0 means no limit.]]></description>
- <type>input</type>
- <size>10</size>
+ <description><![CDATA[Default: 0 - means no limit.]]></description>
+ <type>input</type>
+ <size>10</size>
+ <default_value>0</default_value>
</field>
<field>
<name>Exclude Settings</name>
<type>listtopic</type>
</field>
- <field>
+ <field>
<fielddescr>Exclude string</fielddescr>
<fieldname>exclude_string</fieldname>
- <description><![CDATA[Records from access.log file that contain one of listed strings will be ignored.<br>
- <strong>Format: string1:string2:...:stringn</strong>]]></description>
+ <description>
+ <![CDATA[
+ Records from access.log file that contain one of listed strings will be ignored.<br />
+ <strong>Format: string1:string2:...:stringn</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
</field>
<field>
- <fielddescr>Exclude hosts</fielddescr>
+ <fielddescr>Exclude Hosts</fielddescr>
<fieldname>exclude_hostlist</fieldname>
- <description><![CDATA[Hosts, domains or subnets will be excluded from reports.<br>
- Eg.: 192.168.10.10 - exclude ip address only<br>
- 192.168.10.0/24 - exclude full C class<br>
- s1.acme.foo - exclude hostname only<br>
- *.acme.foo - exclude full domain name]]></description>
+ <description>
+ <![CDATA[
+ Hosts, domains or subnets that will be excluded from reports.<br /><br />
+ <strong>Examples:</strong><br />
+ 192.168.10.10 - exclude this IP address only.<br />
+ 192.168.10.0/24 - exclude entire subnet.<br />
+ host1.example.com - exclude this hostname only.<br />
+ *.example.com - exclude entire domain.
+ ]]>
+ </description>
<type>textarea</type>
<cols>70</cols>
<rows>10</rows>
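Review bot: The new `lastlog` description contains a doubled word, `will be be kept`; it should read `How many report files will be kept in reports directory.` The `topuser_num` description says the limit applies to the `topsites` report while the field is labelled Top Users Limit, which looks like a carry-over from the old text and should be checked against the sarg.conf option it maps to. The numeric limit fields gain `<default_value>0</default_value>`, but nothing in this hunk shows that they are validated as non-negative integers; presumably `sarg_validate_input()` does that, which is worth confirming.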
@@ -347,24 +377,23 @@
<field>
<fielddescr>Exclude codes</fielddescr>
<fieldname>exclude_codelist</fieldname>
- <description><![CDATA[Ignore records with these codes. Eg.: NONE/400<br>
- Write one code per line. Lines starting with a # are ignored.<br>
- Only codes matching exactly one of the line is rejected. The comparison is not case sensitive.]]></description>
+ <description>
+ <![CDATA[
+ Ignore records with these <a href="http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes">Squid result codes</a>.<br />
+ Only codes matching exactly one of the line is rejected. The comparison is not case sensitive.<br />
+ <strong>Write one code per line. Lines starting with a # are ignored.</strong><br />
+ <strong>Example:</strong> NONE/400
+ ]]>
+ </description>
<type>textarea</type>
<cols>70</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
</fields>
- <custom_php_install_command>
- sarg_php_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- sarg_php_deinstall_command();
- </custom_php_deinstall_command>
<custom_php_validation_command>
sarg_validate_input($_POST, $input_errors);
- </custom_php_validation_command>
+ </custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_sarg();
</custom_php_resync_config_command>
diff --git a/config/sarg/sarg_about.php b/config/sarg/sarg_about.php
index fba456b2..11289bfe 100755
--- a/config/sarg/sarg_about.php
+++ b/config/sarg/sarg_about.php
@@ -1,8 +1,9 @@
<?php
/*
sarg_about.php
- part of pfSense (https://www.pfsense.org/)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,77 +27,64 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version < 2.0)
- $one_two = true;
-
$pgtitle = "About: Sarg Package";
include("head.inc");
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<?php if($one_two): ?>
-<p class="pgtitle"><?=$pgtitle?></font></p>
-<?php endif; ?>
+<?php include("fbegin.inc"); ?>
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
-
<div id="mainlevel">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
<?php
- $tab_array = array();
- $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0");
- $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0");
- $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml");
- $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php");
- $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php");
- $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0");
- $tab_array[] = array(gettext("Help"), true, "/sarg_about.php");
- display_top_tabs($tab_array);
-?>
- </td></tr>
- <tr>
-
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
- <tr><td></td></tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Help docs"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Sarg Site");?></td>
- <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://sarg.sourceforge.net/'>Squid Analysis Report Generator</a><br><br>");?>
- </tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("About sarg package"); ?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td>
- <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td>
- </tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td>
- <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br>
- If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td>
- </tr>
- </table>
-
- </div>
- </td>
- </tr>
-
-
- </table>
- <br>
- <div id="search_results"></div>
+ $tab_array = array();
+ $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0");
+ $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0");
+ $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml");
+ $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php");
+ $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php");
+ $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0");
+ $tab_array[] = array(gettext("Help"), true, "/sarg_about.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
+ <tr><td></td></tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("Help Docs"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Sarg Site");?></td>
+ <td width="78%" class="vtable"><?=gettext("<a href='http://sarg.sourceforge.net/'>Squid Analysis Report Generator</a><br /><br />");?></td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="top" class="listtopic"><?=gettext("About Sarg package"); ?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td>
+ <td width="78%" class="vtable"><?=gettext("Package created by <a href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br /><br />");?></td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td>
+ <td width="78%" class="vtable">
+ <?=gettext("If you like this package, please <a href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br /><br />
+ If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br /><br />");?>
+ </td>
+ </tr>
+ </table>
+ </div>
+ </td></tr>
+</table>
+<br />
+<div id="search_results"></div>
</div>
<?php include("fend.inc"); ?>
</body>
diff --git a/config/sarg/sarg_frame.php b/config/sarg/sarg_frame.php
index 6f3c941e..e6b27da6 100755
--- a/config/sarg/sarg_frame.php
+++ b/config/sarg/sarg_frame.php
@@ -1,9 +1,9 @@
<?php
/*
sarg_frame.php
- part of pfSense (https://www.pfsense.org/)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
- based on varnish_view_config.
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -29,55 +29,55 @@
*/
require_once("authgui.inc");
-$uname=posix_uname();
-if ($uname['machine']=='amd64')
- ini_set('memory_limit', '250M');
-
-if(preg_match("/(\S+)\W(\w+.html)/",$_REQUEST['file'],$matches)){
- #https://192.168.1.1/sarg_reports.php?file=2012Mar30-2012Mar30/index.html
- $url=$matches[2];
- $prefix=$matches[1];
- }
-else{
- $url="index.html";
- $prefix="";
- }
-$url=($_REQUEST['file'] == ""?"index.html":$_REQUEST['file']);
-$dir="/usr/local/sarg-reports";
-$rand=rand(100000000000,999999999999);
-$report="";
-if (file_exists("{$dir}/{$url}"))
- $report=file_get_contents("{$dir}/{$url}");
-else if (file_exists("{$dir}/{$url}.gz")) {
- $data = gzfile("{$dir}/{$url}.gz");
- $report = implode($data);
- unset ($data);
- }
-if ($report != "" )
- {
- $pattern[0]="/href=\W(\S+html)\W/";
- $replace[0]="href=/sarg_frame.php?prevent=".$rand."&file=$prefix/$1";
- $pattern[1]='/img src="\S+\W([a-zA-Z0-9.-]+.png)/';
- $replace[1]='img src="/sarg-images/$1';
- $pattern[2]='@img src="([.a-z/]+)/(\w+\.\w+)@';
- $replace[2]='img src="/sarg-images'.$prefix.'/$1/$2';
- $pattern[3]='/img src="([a-zA-Z0-9.-_]+).png/';
- $replace[3]='img src="/sarg-images/temp/$1.'.$rand.'.png';
- $pattern[4]='/<head>/';
- $replace[4]='<head><META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"><META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">';
+$uname = posix_uname();
+if ($uname['machine'] == 'amd64') {
+ ini_set('memory_limit', '250M');
+}
+
+if (preg_match("/(\S+)\W(\w+.html)/", $_REQUEST['file'], $matches)) {
+ // URL format
+ // https://192.168.1.1/sarg_reports.php?file=2012Mar30-2012Mar30/index.html
+ $url = $matches[2];
+ $prefix = $matches[1];
+} else {
+ $url = "index.html";
+ $prefix = "";
+}
- #look for graph files inside reports.
- if (preg_match_all('/img src="([a-zA-Z0-9._-]+).png/',$report,$images)){
+$url = ($_REQUEST['file'] == "" ? "index.html" : $_REQUEST['file']);
+$dir = "/usr/local/sarg-reports";
+$rand = rand(100000000000, 999999999999);
+$report = "";
+if (file_exists("{$dir}/{$url}")) {
+ $report = file_get_contents("{$dir}/{$url}");
+} elseif (file_exists("{$dir}/{$url}.gz")) {
+ $data = gzfile("{$dir}/{$url}.gz");
+ $report = implode($data);
+ unset ($data);
+}
+if ($report != "" ) {
+ $pattern[0] = "/href=\W(\S+html)\W/";
+ $replace[0] = "href=/sarg_frame.php?prevent=" . $rand . "&file=$prefix/$1";
+ $pattern[1] = '/img src="\S+\W([a-zA-Z0-9.-]+.png)/';
+ $replace[1] = 'img src="/sarg-images/$1';
+ $pattern[2] = '@img src="([.a-z/]+)/(\w+\.\w+)@';
+ $replace[2] = 'img src="/sarg-images' . $prefix . '/$1/$2';
+ $pattern[3] = '/img src="([a-zA-Z0-9.-_]+).png/';
+ $replace[3] = 'img src="/sarg-images/temp/$1.' . $rand . '.png';
+ $pattern[4] = '/<head>/';
+ $replace[4] = '<head><META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"><META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">';
+
+ // look for graph files inside reports.
+ if (preg_match_all('/img src="([a-zA-Z0-9._-]+).png/', $report, $images)) {
conf_mount_rw();
- for ($x=0;$x<count($images[1]);$x++){
- copy("{$dir}/{$prefix}/{$images[1][$x]}.png","/usr/local/www/sarg-images/temp/{$images[1][$x]}.{$rand}.png");
- }
- conf_mount_ro();
+ for ($x = 0; $x < count($images[1]); $x++) {
+ copy("{$dir}/{$prefix}/{$images[1][$x]}.png", "/usr/local/www/sarg-images/temp/{$images[1][$x]}.{$rand}.png");
}
- print preg_replace($pattern,$replace,$report);
+ conf_mount_ro();
}
-else{
- print "<pre>Error: Could not find report index file.<br>Check and save sarg settings and try to force sarg schedule.";
- }
+ print preg_replace($pattern, $replace, $report);
+} else {
+ print "Error: Could not find report index file.<br />Check and save Sarg settings and try to force Sarg schedule.";
+}
-?> \ No newline at end of file
+?>
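Review bot: `$url` is overwritten with the raw `$_REQUEST['file']` right after the `preg_match` branch, so the path passed to `file_exists()`, `file_get_contents()` and `gzfile()` is request-controlled and never checked to stay under `/usr/local/sarg-reports`. The reformatting keeps that behaviour unchanged. `$prefix` is taken from the same parameter and reused unescaped in the `copy()` source path and in the rewritten `href` and `img src` attributes. I would resolve the requested path with `realpath()` and serve it only when it lies inside the report directory, as in the excerpt below. `$prefix` needs the same containment check, plus `htmlspecialchars()` before it is written into the page.

```php
$dir = "/usr/local/sarg-reports";
// … unchanged: $rand and $report initialisation …
// Resolve both candidates and accept only paths inside the report directory.
$base = realpath($dir);
$inside = function ($p) use ($base) {
	return $base !== false && $p !== false && strpos($p, $base . "/") === 0;
};
$plain = realpath("{$dir}/{$url}");
$gz = realpath("{$dir}/{$url}.gz");
if ($inside($plain)) {
	$report = file_get_contents($plain);
} elseif ($inside($gz)) {
	$report = implode(gzfile($gz));
}
// … unchanged: pattern/replace rewriting, image copy and output …
```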
diff --git a/config/sarg/sarg_realtime.php b/config/sarg/sarg_realtime.php
index f7618d1a..68104b61 100755
--- a/config/sarg/sarg_realtime.php
+++ b/config/sarg/sarg_realtime.php
@@ -1,8 +1,9 @@
<?php
/*
sarg_realtime.php
- part of pfSense (https://www.pfsense.org/)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,229 +27,227 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version == "2.1" || $pf_version == "2.2")
- define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m"));
-else
- define('SARG_DIR', '/usr/local');
-
-$uname=posix_uname();
-if ($uname['machine']=='amd64')
- ini_set('memory_limit', '250M');
-
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+if ($pf_version == "2.1" || $pf_version == "2.2") {
+ define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m"));
+} else {
+ define('SARG_DIR', '/usr/local');
+}
+
+$uname = posix_uname();
+if ($uname['machine'] == 'amd64') {
+ ini_set('memory_limit', '250M');
+}
function get_cmd(){
- global $config,$g;
- #print $_REQUEST['type'];
- if ($_REQUEST['cmd'] =='sarg'){
- $update_config=0;
- #Check report xml info
- if (!is_array($config['installedpackages']['sargrealtime'])){
- $config['installedpackages']['sargrealtime']['config'][0]['realtime_types']= "";
- $config['installedpackages']['sargrealtime']['config'][0]['realtime_users']= "";
+ global $config, $g;
+ // print $_REQUEST['type'];
+ if ($_REQUEST['cmd'] == 'sarg') {
+ $update_config = 0;
+ // Check report xml info
+ if (!is_array($config['installedpackages']['sargrealtime'])) {
+ $config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] = "";
+ $config['installedpackages']['sargrealtime']['config'][0]['realtime_users'] = "";
}
- #Check report http actions to show
- if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] != $_REQUEST['qshape']){
- $config['installedpackages']['sargrealtime']['config'][0]['realtime_types']= $_REQUEST['qshape'];
+ // Check report http actions to show
+ if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] != $_REQUEST['qshape']) {
+ $config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] = $_REQUEST['qshape'];
$update_config++;
- }
-
- #Check report users show
- if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_users'] != $_REQUEST['type']){
+ }
+ // Check report users show
+ if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_users'] != $_REQUEST['type']) {
$config['installedpackages']['sargrealtime']['config'][0]['realtime_users']= $_REQUEST['type'];
$update_config++;
- }
-
- if($update_config > 0){
+ }
+ if ($update_config > 0) {
write_config();
- #write changes to sarg_file
- $sarg_config=file_get_contents(SARG_DIR . '/etc/sarg/sarg.conf');
- $pattern[0]='/realtime_types\s+[A-Z,,]+/';
- $replace[0]="realtime_types ".$_REQUEST['qshape'];
- $pattern[1]='/realtime_unauthenticated_records\s+\w+/';
- $replace[1]="realtime_unauthenticated_records ".$_REQUEST['type'];
- file_put_contents(SARG_DIR . '/etc/sarg/sarg.conf', preg_replace($pattern,$replace,$sarg_config),LOCK_EX);
- }
- exec(SARG_DIR ."/bin/sarg -r",$sarg);
- $pattern[0]="/<?(html|head|style)>/";
- $replace[0]="";
- $pattern[1]="/header_\w/";
- $replace[1]="listtopic";
- $pattern[2]="/class=.data./";
- $replace[2]='class="listlr"';
- $pattern[3]="/cellpadding=.\d./";
- $replace[3]='cellpadding="0"';
- $pattern[4]="/cellspacing=.\d./";
- $replace[4]='cellspacing="0"';
- $pattern[5]="/sarg/";
- $replace[5]='cellspacing="0"';
- foreach ($sarg as $line){
- if (preg_match("/<.head>/",$line))
+ // write changes to sarg_file
+ $sarg_config = file_get_contents(SARG_DIR . '/etc/sarg/sarg.conf');
+ $pattern[0] = '/realtime_types\s+[A-Z,,]+/';
+ $replace[0] = "realtime_types " . $_REQUEST['qshape'];
+ $pattern[1] = '/realtime_unauthenticated_records\s+\w+/';
+ $replace[1] = "realtime_unauthenticated_records " . $_REQUEST['type'];
+ file_put_contents(SARG_DIR . '/etc/sarg/sarg.conf', preg_replace($pattern, $replace, $sarg_config), LOCK_EX);
+ }
+ exec(SARG_DIR . "/bin/sarg -r", $sarg);
+ $pattern[0] = "/<?(html|head|style)>/";
+ $replace[0] = "";
+ $pattern[1] = "/header_\w/";
+ $replace[1] = "listtopic";
+ $pattern[2] = "/class=.data./";
+ $replace[2] = 'class="listlr"';
+ $pattern[3] = "/cellpadding=.\d./";
+ $replace[3] = 'cellpadding="0"';
+ $pattern[4] = "/cellspacing=.\d./";
+ $replace[4] = 'cellspacing="0"';
+ $pattern[5] = "/sarg/";
+ $replace[5] = 'cellspacing="0"';
+ foreach ($sarg as $line) {
+ if (preg_match("/<.head>/", $line)) {
$print ="ok";
- if ($print =="ok" && !preg_match("/(sarg realtime|Auto Refresh)/i",$line))
- print preg_replace($pattern,$replace,$line);
+ }
+ if ($print == "ok" && !preg_match("/(sarg realtime|Auto Refresh)/i", $line)) {
+ print preg_replace($pattern, $replace, $line);
+ }
}
}
}
-if ($_REQUEST['cmd']!=""){
+if ($_REQUEST['cmd'] != "") {
require_once("authgui.inc");
require_once("functions.inc");
get_cmd();
- }
-else{
+} else {
require("guiconfig.inc");
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version < 2.0)
- $one_two = true;
-
+
$pgtitle = "Status: Sarg Realtime";
include("head.inc");
-
+
?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php include("fbegin.inc"); ?>
-
- <?php if($one_two): ?>
- <p class="pgtitle"><?=$pgtitle?></font></p>
- <?php endif; ?>
-
+
<?php if ($savemsg) print_info_box($savemsg); ?>
-
+
<form action="sarg_realtime.php" method="post">
-
+
<div id="mainlevel">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <?php
- $tab_array = array();
- $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0");
- $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0");
- $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml");
- $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php");
- $tab_array[] = array(gettext("Realtime"), true, "/sarg_realtime.php");
- $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0");
- $tab_array[] = array(gettext("Help"), false, "/sarg_about.php");
- display_top_tabs($tab_array);
- ?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
- <tr><td></td></tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Realtime"); ?></td></tr>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0");
+ $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0");
+ $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml");
+ $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php");
+ $tab_array[] = array(gettext("Realtime"), true, "/sarg_realtime.php");
+ $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0");
+ $tab_array[] = array(gettext("Help"), false, "/sarg_about.php");
+ display_top_tabs($tab_array);
+ ?>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
+ <tr><td></td></tr>
+ <tr><td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Realtime"); ?></td></tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Log command: ");?></td>
- <td width="78%" class="vtable">
- <select name="drop3" id="cmd">
- <option value="sarg" selected="selected">Sarg Realtime</option>
- </select><br><?=gettext("Select report command to run.");?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Log command: ");?></td>
+ <td width="78%" class="vtable">
+ <select name="drop3" id="cmd">
+ <option value="sarg" selected="selected">Sarg Realtime</option>
+ </select>
+ <br /><?=gettext("Select report command to run.");?>
+ </td>
</tr>
<tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("update frequency: ");?></td>
- <td width="78%" class="vtable">
- <select name="drop3" id="updatef">
- <option value="1">01 second</option>
- <option value="3" selected="selected">03 seconds</option>
- <option value="5">05 seconds</option>
- <option value="15">15 Seconds</option>
- <option value="30">30 Seconds</option>
- <option value="60">One minute</option>
- <option value="1">Never</option>
- </select><br><?=gettext("Select how often report will run.");?></td>
+ <td width="22%" valign="top" class="vncell"><?=gettext("update frequency: ");?></td>
+ <td width="78%" class="vtable">
+ <select name="drop3" id="updatef">
+ <option value="1">01 second</option>
+ <option value="3" selected="selected">03 seconds</option>
+ <option value="5">05 seconds</option>
+ <option value="15">15 Seconds</option>
+ <option value="30">30 Seconds</option>
+ <option value="60">One minute</option>
+ <option value="1">Never</option>
+ </select>
+ <br /><?=gettext("Select how often report will run.");?>
+ </td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("Report Types: ");?></td>
- <td width="78%" class="vtable">
- <select name="drop3" id="qshape" multiple="multiple" size="5">
- <option value="GET" selected="selected">GET</option>
- <option value="PUT" selected="selected">PUT</option>
- <option value="CONNECT" selected="selected">CONNECT</option>
- <option value="ICP_QUERY">ICP_QUERY</option>
- <option value="POST">POST</option>
- </select><br><?=gettext("Which records must be in realtime report.");?></td>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Report Types: ");?></td>
+ <td width="78%" class="vtable">
+ <select name="drop3" id="qshape" multiple="multiple" size="5">
+ <option value="GET" selected="selected">GET</option>
+ <option value="PUT" selected="selected">PUT</option>
+ <option value="CONNECT" selected="selected">CONNECT</option>
+ <option value="ICP_QUERY">ICP_QUERY</option>
+ <option value="POST">POST</option>
+ </select>
+ <br /><?=gettext("Which records must be in realtime report.");?>
+ </td>
</tr>
- <tr>
- <td width="22%" valign="top" class="vncell"><?=gettext("unauthenticated_records: ");?></td>
- <td width="78%" class="vtable">
- <select name="drop3" id="qtype">
- <option value="show" selected>show</option>
- <option value="hide">hide</option>
- </select><br><?=gettext("What to do with unauthenticated records in realtime report.");?></td>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("unauthenticated_records: ");?></td>
+ <td width="78%" class="vtable">
+ <select name="drop3" id="qtype">
+ <option value="show" selected>show</option>
+ <option value="hide">hide</option>
+ </select>
+ <br /><?=gettext("What to do with unauthenticated records in realtime report.");?>
+ </td>
</tr>
-
<tr>
- <td width="22%" valign="top"></td>
- <td width="78%"><input name="Submit" type="button" class="formbtn" id="run" value="<?=gettext("show log");?>" onclick="get_queue('mailq')"><div id="search_help"></div></td>
+ <td width="22%" valign="top"></td>
+ <td width="78%">
+ <input name="Submit" type="button" class="formbtn" id="run" value="<?=gettext("show log");?>" onclick="get_queue('mailq')" />
+ <div id="search_help"></div>
+ </td>
+ </tr>
</table>
- </div>
- </td>
- </tr>
- </table>
- <br>
- <div>
- <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
- <tr>
- <td class="tabcont" >
- <div id="file_div"></div>
-
- </td>
- </tr>
- </table>
- </div>
+ </div>
+ </td></tr>
+ </table>
+ <br />
+ <div>
+ <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
+ <tr><td class="tabcont" >
+ <div id="file_div"></div>
+ </td></tr>
+ </table>
+ </div>
</div>
</form>
<script type="text/javascript">
- function loopSelected(id)
- {
- var selectedArray = new Array();
- var selObj = document.getElementById(id);
- var i;
- var count = 0;
- for (i=0; i<selObj.options.length; i++) {
- if (selObj.options[i].selected) {
- selectedArray[count] = selObj.options[i].value;
- count++;
- }
- }
- return(selectedArray);
+ //<![CDATA[
+ function loopSelected(id) {
+ var selectedArray = new Array();
+ var selObj = document.getElementById(id);
+ var i;
+ var count = 0;
+ for (i = 0; i < selObj.options.length; i++) {
+ if (selObj.options[i].selected) {
+ selectedArray[count] = selObj.options[i].value;
+ count++;
+ }
+ }
+ return (selectedArray);
}
+
function get_queue(loop) {
- //prevent multiple instances
- if ($('run').value=="show log" || loop== 'running'){
- $('run').value="running...";
- $('search_help').innerHTML ="<br><strong>You can change options while running.<br>To Stop search, change update frequency to Never.</strong>";
- var axel = Math.random() + "";
- var num = axel * 1000000000000000000;
- var q_args=loopSelected('qshape');
- var pars = 'cmd='+$('cmd').options[$('cmd').selectedIndex].value;
- var pars = pars + '&qshape='+q_args;
- var pars = pars + '&prevent='+num;
- var pars = pars + '&type='+$('qtype').options[$('qtype').selectedIndex].value;
- var url = "/sarg_realtime.php";
- var myAjax = new Ajax.Request(
- url,
- {
- method: 'post',
- parameters: pars,
- onComplete: activitycallback_queue_file
- });
- }
- }
- function activitycallback_queue_file(transport) {
- $('file_div').innerHTML = transport.responseText;
- var update=$('updatef').options[$('updatef').selectedIndex].value * 1000;
- if (update > 999){
- setTimeout('get_queue("running")', update);
- }
- else{
- $('run').value="show log";
- $('search_help').innerHTML ="";
- }
+ //prevent multiple instances
+ if ($('run').value == "show log" || loop == 'running') {
+ $('run').value = "running...";
+ $('search_help').innerHTML = "<br /><strong>You can change options while running.<br />To stop search, change update frequency to Never.</strong>";
+ var axel = Math.random() + "";
+ var num = axel * 1000000000000000000;
+ var q_args = loopSelected('qshape');
+ var pars = 'cmd=' + $('cmd').options[$('cmd').selectedIndex].value;
+ var pars = pars + '&qshape=' + q_args;
+ var pars = pars + '&prevent=' + num;
+ var pars = pars + '&type=' + $('qtype').options[$('qtype').selectedIndex].value;
+ var url = "/sarg_realtime.php";
+ var myAjax = new Ajax.Request(
+ url, {
+ method: 'post',
+ parameters: pars,
+ onComplete: activitycallback_queue_file
+ });
}
+ }
+
+ function activitycallback_queue_file(transport) {
+ $('file_div').innerHTML = transport.responseText;
+ var update = $('updatef').options[$('updatef').selectedIndex].value * 1000;
+ if (update > 999) {
+ setTimeout('get_queue("running")', update);
+ } else {
+ $('run').value = "show log";
+ $('search_help').innerHTML = "";
+ }
+ }
+ //]]>
</script>
<?php
include("fend.inc");
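Review bot: In get_cmd(), `$_REQUEST['qshape']` and `$_REQUEST['type']` are still stored in the package config and spliced into sarg.conf through `preg_replace()` exactly as received. A value containing a newline therefore adds extra directives to the file, and a `$1` or `\1` in it is treated as a backreference. The form on this page only offers GET, PUT, CONNECT, ICP_QUERY and POST for qshape and show/hide for type, so both can be reduced to that allow-list before the comparison with the stored config. Separately, the pattern `[A-Z,,]+` does not match the underscore in ICP_QUERY, so it may leave a `_QUERY` tail behind once that type has been saved; `[A-Z_,]+` would cover it. The sketch below shows the validation only.

```php
function get_cmd(){
	global $config, $g;
	if ($_REQUEST['cmd'] == 'sarg') {
		// Accept only the values the form on this page offers.
		$allowed_types = array('GET', 'PUT', 'CONNECT', 'ICP_QUERY', 'POST');
		$requested = explode(',', (string)$_REQUEST['qshape']);
		$qshape = implode(',', array_intersect($requested, $allowed_types));
		$type = ($_REQUEST['type'] == 'hide') ? 'hide' : 'show';
		// … unchanged: comparison with the stored config and write_config(), using $qshape and $type instead of the request values …
		$replace[0] = "realtime_types " . $qshape;
		$replace[1] = "realtime_unauthenticated_records " . $type;
		// … unchanged: file_put_contents(), sarg -r and output filtering …
```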
diff --git a/config/sarg/sarg_reports.php b/config/sarg/sarg_reports.php
index f18eb80e..81e1fd02 100755
--- a/config/sarg/sarg_reports.php
+++ b/config/sarg/sarg_reports.php
@@ -1,8 +1,9 @@
<?php
/*
sarg_reports.php
- part of pfSense (https://www.pfsense.org/)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,70 +27,58 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
- $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
- if ($pf_version < 2.0)
- $one_two = true;
-
- $pgtitle = "Status: Sarg Reports";
- include("head.inc");
-
- ?>
- <body link="#0000CC" vlink="#0000CC" alink="#0000CC">
- <?php include("fbegin.inc"); ?>
+$pgtitle = "Status: Sarg Reports";
+include("head.inc");
- <?php if($one_two): ?>
- <p class="pgtitle"><?=$pgtitle?></font></p>
- <?php endif; ?>
+?>
+<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
+<?php include("fbegin.inc"); ?>
- <?php if ($savemsg) print_info_box($savemsg); ?>
+<?php if ($savemsg) print_info_box($savemsg); ?>
- <form>
-
- <div id="mainlevel">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
- <?php
- $tab_array = array();
- $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0");
- $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0");
- $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml");
- $tab_array[] = array(gettext("View Report"), true, "/sarg_reports.php");
- $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php");
- $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0");
- $tab_array[] = array(gettext("Help"), false, "/pkg_edit.php?xml=sarg_about.php");
- display_top_tabs($tab_array);
- conf_mount_rw();
- exec('rm -f /usr/local/www/sarg-images/temp/*');
- conf_mount_ro();
- ?>
- </td></tr>
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
- <tr><td></td></tr>
- <tr>
- <td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Reports"); ?></td></tr>
- </table>
- </div>
- <br>
- <script language="JavaScript">
- var axel = Math.random() + "";
- var num = axel * 1000000000000000000;
- document.writeln('<IFRAME SRC="/sarg_frame.php?prevent='+ num +'?" frameborder=0 width="100%" height="600"></IFRAME>');
- </script>
- <div id="file_div"></div>
-
- </td>
- </tr>
+<form>
+<div id="mainlevel">
+<table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
+ <?php
+ $tab_array = array();
+ $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0");
+ $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0");
+ $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml");
+ $tab_array[] = array(gettext("View Report"), true, "/sarg_reports.php");
+ $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php");
+ $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0");
+ $tab_array[] = array(gettext("Help"), false, "/pkg_edit.php?xml=sarg_about.php");
+ display_top_tabs($tab_array);
+ conf_mount_rw();
+ mwexec('/bin/rm -f /usr/local/www/sarg-images/temp/*');
+ conf_mount_ro();
+ ?>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0">
+ <tr><td></td></tr>
+ <tr><td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Reports"); ?></td></tr>
</table>
- </div>
- </form>
- <?php
- include("fend.inc");
- ?>
- </body>
- </html>
+ </div>
+ <br />
+ <script type="text/javascript">
+ //<![CDATA[
+ var axel = Math.random() + "";
+ var num = axel * 1000000000000000000;
+ document.writeln('<iframe src="/sarg_frame.php?prevent='+ num +'?" frameborder="0" width="100%" height="600"></iframe>');
+ //]]>
+ </script>
+ <div id="file_div"></div>
+ </td></tr>
+</table>
+</div>
+</form>
+<?php
+include("fend.inc");
+?>
+</body>
+</html>
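Review bot: The Help tab still points at `/pkg_edit.php?xml=sarg_about.php`, which hands a PHP page to the package XML editor. sarg_realtime.php in this same commit uses `/sarg_about.php` for that tab, so the line should read `$tab_array[] = array(gettext("Help"), false, "/sarg_about.php");`. Separately, the `conf_mount_rw()`, `rm -f` on `sarg-images/temp/*` and `conf_mount_ro()` sequence runs on every view of this page and clears the whole shared temp directory. That looks as if it could remove images another session's report frame has just copied there; a comment explaining why the cleanup lives in the tab block, or moving it next to the code that creates the files, would help.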
diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml
index 5123d786..7bc02d10 100644
--- a/config/sarg/sarg_schedule.xml
+++ b/config/sarg/sarg_schedule.xml
@@ -1,65 +1,50 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
-/* ========================================================================== */
+ <copyright>
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
- sarg_schedule.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
+ sarg_schedule.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
*/
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>sargschedule</name>
- <version>0.5</version>
+ <version>0.6.5</version>
<title>Status: Sarg Schedules</title>
<include_file>/usr/local/pkg/sarg.inc</include_file>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item>
- </additional_files_needed>
- <menu>
- <name>sarg</name>
- <tooltiptext>sarg</tooltiptext>
- <section>Diagnostics</section>
- <configfile>sarg.xml</configfile>
- </menu>
<tabs>
<tab>
<text>General</text>
@@ -101,7 +86,7 @@
<fieldname>frequency</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Aditional Args</fielddescr>
+ <fielddescr>Additional Args</fielddescr>
<fieldname>args</fieldname>
</columnitem>
<columnitem>
@@ -116,7 +101,7 @@
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
</columnitem>
- <movable>arrow</movable>
+ <movable>on</movable>
</adddeleteeditpagefields>
<fields>
<field>
@@ -128,48 +113,58 @@
<fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
<type>checkbox</type>
- <description>Enable this schedule</description>
- </field>
+ <description>Enable this schedule.</description>
+ </field>
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description>Enter a description for this file.</description>
+ <description>Enter a description for this schedule.</description>
<type>input</type>
<size>50</size>
</field>
<field>
- <fielddescr>Sarg args</fielddescr>
+ <fielddescr>Sarg Args</fielddescr>
<fieldname>args</fieldname>
- <description><![CDATA[Enter sarg extra args to run on this schedule.<br>
- To force sarg to create a report only for specific days, use:<br>
- <b>TODAY:</b>&nbsp;&nbsp;-d `date +%d/%m/%Y`<br>
- <b>YESTERDAY:</b>&nbsp;&nbsp;-d `date -v-1d +%d/%m/%Y`<br>
- <b>WEEKAGO:</b>&nbsp;&nbsp;-d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`<br>
- <b>MONTHAGO:</b>&nbsp;&nbsp;-d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`]]></description>
+ <description>
+ <![CDATA[
+ Enter Sarg extra arguments to run on this schedule.<br />
+ To force Sarg to create a report only for specific days, use:<br /><br />
+ <strong>TODAY:</strong>&nbsp;&nbsp;-d `date +%d/%m/%Y`<br />
+ <strong>YESTERDAY:</strong>&nbsp;&nbsp;-d `date -v-1d +%d/%m/%Y`<br />
+ <strong>WEEKAGO:</strong>&nbsp;&nbsp;-d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`<br />
+ <strong>MONTHAGO:</strong>&nbsp;&nbsp;-d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`
+ ]]>
+ </description>
<type>input</type>
<size>50</size>
</field>
<field>
- <fielddescr>frequency</fielddescr>
+ <fielddescr>Frequency</fielddescr>
<fieldname>frequency</fieldname>
<type>input</type>
<size>5</size>
- <description><![CDATA[How often extract users from active directory and verify changes<br>
- Valid options are minutes(m), hours(h), days(d)<br>
- Sample: To update every hour, use 1h<br><br>]]>&lt;input type=&quot;submit&quot; name=&quot;Submit&quot; value=&quot;Force update now&quot;&gt;&lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ How often should this report be updated.<br />
+ Valid options are: minutes(m), hours(h), days(d)<br />
+ <strong>Example:</strong> To update every hour, use 1h<br /><br />
+ <input type="submit" name="Submit" value="Force update now" /><br />
+ ]]>
+ </description>
<required/>
</field>
<field>
- <fielddescr>Action after sarg</fielddescr>
+ <fielddescr>Action After Sarg</fielddescr>
<fieldname>action</fieldname>
+ <description>Choose an action to run after Sarg finishes.</description>
<type>select</type>
- <options>
- <option><name>None(default)</name><value>none</value></option>
- <option><name>rotate logs</name><value>rotate</value></option>
+ <options>
+ <option><name>None (default)</name><value>none</value></option>
+ <option><name>Rotate logs</name><value>rotate</value></option>
<option><name>Restart proxy daemon</name><value>restart</value></option>
<option><name>Rotate log and restart proxy daemon</name><value>both</value></option>
- </options>
- <description>Choose an action after sarg finishes</description>
+ </options>
+ <default_value>none</default_value>
</field>
<field>
<type>listtopic</type>
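Review bot: The new help text for the `args` field keeps recommending backtick command substitution for the `-d` date argument, which only works if the field value reaches a shell unquoted. Whatever is typed here would then run as a command with the scheduler's privileges. The handling is in sarg.inc and `sarg_validate_input()`, outside this hunk, so what is filtered cannot be confirmed from here. If nothing is, the description should say so, for example with a last line `This value is passed to the shell as entered.`, and access to this page should be treated as equivalent to shell access. A longer-term option is to offer the date ranges as a select and build the `-d` argument in code.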
@@ -179,14 +174,14 @@
<field>
<fielddescr>Enable Compression</fielddescr>
<fieldname>gzip</fieldname>
- <description><![CDATA[Enable this option to compress sarg report html files using gzip and reduce 4 times sarg reports data.]]></description>
+ <description>Enable this option to compress Sarg HTML report files using gzip. Reduces reports size.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Compression level</fielddescr>
+ <fielddescr>Compression Level</fielddescr>
<fieldname>gziplevel</fieldname>
<type>select</type>
- <options>
+ <options>
<option><name>Default gzip compression (Recommended)</name><value></value></option>
<option><name>1 (fast)</name><value>--fast</value></option>
<option><name>2</name><value>-2</value></option>
@@ -197,7 +192,7 @@
<option><name>7</name><value>-7</value></option>
<option><name>8</name><value>-8</value></option>
<option><name>9 (best)</name><value>--best</value></option>
- </options>
+ </options>
<description>Choose gzip compression level.</description>
</field>
<field>
@@ -206,21 +201,21 @@
<type>input</type>
<default_value>60</default_value>
<size>5</size>
- <description><![CDATA[To speed up find process, restrict find search to report files created/changed n minutes ago.<br>
- Default is to 60 minutes. If your reports take longer to be created, increase this value.]]></description>
+ <description>
+ <![CDATA[
+ To speed up find process, restrict search to report files created/changed specified number of minutes ago.<br />
+ If your reports take long time to be created, increase this value.<br />
+ Default: 60 (minutes).
+ ]]>
+ </description>
</field>
</fields>
- <custom_php_install_command>
- sarg_php_install_command();
- </custom_php_install_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
<custom_php_validation_command>
sarg_validate_input($_POST, $input_errors);
</custom_php_validation_command>
<custom_delete_php_command>
sync_package_sarg();
- </custom_delete_php_command>
+ </custom_delete_php_command>
<custom_php_resync_config_command>
sarg_resync();
</custom_php_resync_config_command>
diff --git a/config/sarg/sarg_sorttable.js b/config/sarg/sarg_sorttable.js
index 25bccb2b..96443215 100644
--- a/config/sarg/sarg_sorttable.js
+++ b/config/sarg/sarg_sorttable.js
@@ -14,321 +14,333 @@
Licenced as X11: http://www.kryogenix.org/code/browser/licence.html
This basically means: do what you want with it.
*/
-
-
-var stIsIE = /*@cc_on!@*/false;
+var stIsIE = /*@cc_on!@*/ false;
sorttable = {
- init: function() {
- // quit if this function has already been called
- if (arguments.callee.done) return;
- // flag this function so we don't do the same thing twice
- arguments.callee.done = true;
- // kill the timer
- if (_timer) clearInterval(_timer);
-
- if (!document.createElement || !document.getElementsByTagName) return;
-
- sorttable.DATE_RE = /^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/;
-
- forEach(document.getElementsByTagName('table'), function(table) {
- if (table.className.search(/\bsortable\b/) != -1) {
- sorttable.makeSortable(table);
- }
- });
-
- },
-
- makeSortable: function(table) {
- if (table.getElementsByTagName('thead').length == 0) {
- // table doesn't have a tHead. Since it should have, create one and
- // put the first table row in it.
- the = document.createElement('thead');
- the.appendChild(table.rows[0]);
- table.insertBefore(the,table.firstChild);
- }
- // Safari doesn't support table.tHead, sigh
- if (table.tHead == null) table.tHead = table.getElementsByTagName('thead')[0];
-
- if (table.tHead.rows.length != 1) return; // can't cope with two header rows
-
- // Sorttable v1 put rows with a class of "sortbottom" at the bottom (as
- // "total" rows, for example). This is B&R, since what you're supposed
- // to do is put them in a tfoot. So, if there are sortbottom rows,
- // for backwards compatibility, move them to tfoot (creating it if needed).
- sortbottomrows = [];
- for (var i=0; i<table.rows.length; i++) {
- if (table.rows[i].className.search(/\bsortbottom\b/) != -1) {
- sortbottomrows[sortbottomrows.length] = table.rows[i];
- }
- }
- if (sortbottomrows) {
- if (table.tFoot == null) {
- // table doesn't have a tfoot. Create one.
- tfo = document.createElement('tfoot');
- table.appendChild(tfo);
- }
- for (var i=0; i<sortbottomrows.length; i++) {
- tfo.appendChild(sortbottomrows[i]);
- }
- delete sortbottomrows;
- }
-
- // work through each column and calculate its type
- headrow = table.tHead.rows[0].cells;
- for (var i=0; i<headrow.length; i++) {
- // manually override the type with a sorttable_type attribute
- if (!headrow[i].className.match(/\bsorttable_nosort\b/)) { // skip this col
- mtch = headrow[i].className.match(/\bsorttable_([a-z0-9]+)\b/);
- if (mtch) { override = mtch[1]; }
- if (mtch && typeof sorttable["sort_"+override] == 'function') {
- headrow[i].sorttable_sortfunction = sorttable["sort_"+override];
- } else {
- headrow[i].sorttable_sortfunction = sorttable.guessType(table,i);
- }
- // make it clickable to sort
- headrow[i].sorttable_columnindex = i;
- headrow[i].sorttable_tbody = table.tBodies[0];
- dean_addEvent(headrow[i],"click", function(e) {
-
- if (this.className.search(/\bsorttable_sorted\b/) != -1) {
- // if we're already sorted by this column, just
- // reverse the table, which is quicker
- sorttable.reverse(this.sorttable_tbody);
- this.className = this.className.replace('sorttable_sorted',
- 'sorttable_sorted_reverse');
- this.removeChild(document.getElementById('sorttable_sortfwdind'));
- sortrevind = document.createElement('span');
- sortrevind.id = "sorttable_sortrevind";
- sortrevind.innerHTML = stIsIE ? '&nbsp<font face="webdings">5</font>' : '&nbsp;&#x25B4;';
- this.appendChild(sortrevind);
- return;
- }
- if (this.className.search(/\bsorttable_sorted_reverse\b/) != -1) {
- // if we're already sorted by this column in reverse, just
- // re-reverse the table, which is quicker
- sorttable.reverse(this.sorttable_tbody);
- this.className = this.className.replace('sorttable_sorted_reverse',
- 'sorttable_sorted');
- this.removeChild(document.getElementById('sorttable_sortrevind'));
- sortfwdind = document.createElement('span');
- sortfwdind.id = "sorttable_sortfwdind";
- sortfwdind.innerHTML = stIsIE ? '&nbsp<font face="webdings">6</font>' : '&nbsp;&#x25BE;';
- this.appendChild(sortfwdind);
- return;
- }
-
- // remove sorttable_sorted classes
- theadrow = this.parentNode;
- forEach(theadrow.childNodes, function(cell) {
- if (cell.nodeType == 1) { // an element
- cell.className = cell.className.replace('sorttable_sorted_reverse','');
- cell.className = cell.className.replace('sorttable_sorted','');
- }
- });
- sortfwdind = document.getElementById('sorttable_sortfwdind');
- if (sortfwdind) { sortfwdind.parentNode.removeChild(sortfwdind); }
- sortrevind = document.getElementById('sorttable_sortrevind');
- if (sortrevind) { sortrevind.parentNode.removeChild(sortrevind); }
-
- this.className += ' sorttable_sorted';
- sortfwdind = document.createElement('span');
- sortfwdind.id = "sorttable_sortfwdind";
- sortfwdind.innerHTML = stIsIE ? '&nbsp<font face="webdings">6</font>' : '&nbsp;&#x25BE;';
- this.appendChild(sortfwdind);
-
- // build an array to sort. This is a Schwartzian transform thing,
- // i.e., we "decorate" each row with the actual sort key,
- // sort based on the sort keys, and then put the rows back in order
- // which is a lot faster because you only do getInnerText once per row
- row_array = [];
- col = this.sorttable_columnindex;
- rows = this.sorttable_tbody.rows;
- for (var j=0; j<rows.length; j++) {
- row_array[row_array.length] = [sorttable.getInnerText(rows[j].cells[col]), rows[j]];
- }
- /* If you want a stable sort, uncomment the following line */
- //sorttable.shaker_sort(row_array, this.sorttable_sortfunction);
- /* and comment out this one */
- row_array.sort(this.sorttable_sortfunction);
-
- tb = this.sorttable_tbody;
- for (var j=0; j<row_array.length; j++) {
- tb.appendChild(row_array[j][1]);
- }
-
- delete row_array;
- });
- }
- }
- },
-
- guessType: function(table, column) {
- // guess the type of a column based on its first non-blank row
- sortfn = sorttable.sort_alpha;
- for (var i=0; i<table.tBodies[0].rows.length; i++) {
- text = sorttable.getInnerText(table.tBodies[0].rows[i].cells[column]);
- if (text != '') {
- if (text.match(/^-?[£$¤]?[\d,.]+%?$/)) {
- return sorttable.sort_numeric;
- }
- // check for a date: dd/mm/yyyy or dd/mm/yy
- // can have / or . or - as separator
- // can be mm/dd as well
- possdate = text.match(sorttable.DATE_RE)
- if (possdate) {
- // looks like a date
- first = parseInt(possdate[1]);
- second = parseInt(possdate[2]);
- if (first > 12) {
- // definitely dd/mm
- return sorttable.sort_ddmm;
- } else if (second > 12) {
- return sorttable.sort_mmdd;
- } else {
- // looks like a date, but we can't tell which, so assume
- // that it's dd/mm (English imperialism!) and keep looking
- sortfn = sorttable.sort_ddmm;
- }
- }
- }
- }
- return sortfn;
- },
-
- getInnerText: function(node) {
- // gets the text we want to use for sorting for a cell.
- // strips leading and trailing whitespace.
- // this is *not* a generic getInnerText function; it's special to sorttable.
- // for example, you can override the cell text with a customkey attribute.
- // it also gets .value for <input> fields.
-
- hasInputs = (typeof node.getElementsByTagName == 'function') &&
- node.getElementsByTagName('input').length;
-
- if (node.getAttribute("sorttable_customkey") != null) {
- return node.getAttribute("sorttable_customkey");
- }
- else if (typeof node.textContent != 'undefined' && !hasInputs) {
- return node.textContent.replace(/^\s+|\s+$/g, '');
- }
- else if (typeof node.innerText != 'undefined' && !hasInputs) {
- return node.innerText.replace(/^\s+|\s+$/g, '');
- }
- else if (typeof node.text != 'undefined' && !hasInputs) {
- return node.text.replace(/^\s+|\s+$/g, '');
- }
- else {
- switch (node.nodeType) {
- case 3:
- if (node.nodeName.toLowerCase() == 'input') {
- return node.value.replace(/^\s+|\s+$/g, '');
- }
- case 4:
- return node.nodeValue.replace(/^\s+|\s+$/g, '');
- break;
- case 1:
- case 11:
- var innerText = '';
- for (var i = 0; i < node.childNodes.length; i++) {
- innerText += sorttable.getInnerText(node.childNodes[i]);
- }
- return innerText.replace(/^\s+|\s+$/g, '');
- break;
- default:
- return '';
- }
- }
- },
-
- reverse: function(tbody) {
- // reverse the rows in a tbody
- newrows = [];
- for (var i=0; i<tbody.rows.length; i++) {
- newrows[newrows.length] = tbody.rows[i];
- }
- for (var i=newrows.length-1; i>=0; i--) {
- tbody.appendChild(newrows[i]);
- }
- delete newrows;
- },
-
- /* sort functions
- each sort function takes two parameters, a and b
- you are comparing a[0] and b[0] */
- sort_numeric: function(a,b) {
- aa = parseFloat(a[0].replace(/[^0-9.-]/g,''));
- if (isNaN(aa)) aa = 0;
- bb = parseFloat(b[0].replace(/[^0-9.-]/g,''));
- if (isNaN(bb)) bb = 0;
- return aa-bb;
- },
- sort_alpha: function(a,b) {
- if (a[0]==b[0]) return 0;
- if (a[0]<b[0]) return -1;
- return 1;
- },
- sort_ddmm: function(a,b) {
- mtch = a[0].match(sorttable.DATE_RE);
- y = mtch[3]; m = mtch[2]; d = mtch[1];
- if (m.length == 1) m = '0'+m;
- if (d.length == 1) d = '0'+d;
- dt1 = y+m+d;
- mtch = b[0].match(sorttable.DATE_RE);
- y = mtch[3]; m = mtch[2]; d = mtch[1];
- if (m.length == 1) m = '0'+m;
- if (d.length == 1) d = '0'+d;
- dt2 = y+m+d;
- if (dt1==dt2) return 0;
- if (dt1<dt2) return -1;
- return 1;
- },
- sort_mmdd: function(a,b) {
- mtch = a[0].match(sorttable.DATE_RE);
- y = mtch[3]; d = mtch[2]; m = mtch[1];
- if (m.length == 1) m = '0'+m;
- if (d.length == 1) d = '0'+d;
- dt1 = y+m+d;
- mtch = b[0].match(sorttable.DATE_RE);
- y = mtch[3]; d = mtch[2]; m = mtch[1];
- if (m.length == 1) m = '0'+m;
- if (d.length == 1) d = '0'+d;
- dt2 = y+m+d;
- if (dt1==dt2) return 0;
- if (dt1<dt2) return -1;
- return 1;
- },
-
- shaker_sort: function(list, comp_func) {
- // A stable sort function to allow multi-level sorting of data
- // see: http://en.wikipedia.org/wiki/Cocktail_sort
- // thanks to Joseph Nahmias
- var b = 0;
- var t = list.length - 1;
- var swap = true;
-
- while(swap) {
- swap = false;
- for(var i = b; i < t; ++i) {
- if ( comp_func(list[i], list[i+1]) > 0 ) {
- var q = list[i]; list[i] = list[i+1]; list[i+1] = q;
- swap = true;
- }
- } // for
- t--;
-
- if (!swap) break;
-
- for(var i = t; i > b; --i) {
- if ( comp_func(list[i], list[i-1]) < 0 ) {
- var q = list[i]; list[i] = list[i-1]; list[i-1] = q;
- swap = true;
- }
- } // for
- b++;
-
- } // while(swap)
- }
+ init: function() {
+ // quit if this function has already been called
+ if (arguments.callee.done) return;
+ // flag this function so we don't do the same thing twice
+ arguments.callee.done = true;
+ // kill the timer
+ if (_timer) clearInterval(_timer);
+
+ if (!document.createElement || !document.getElementsByTagName) return;
+
+ sorttable.DATE_RE = /^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/;
+
+ forEach(document.getElementsByTagName('table'), function(table) {
+ if (table.className.search(/\bsortable\b/) != -1) {
+ sorttable.makeSortable(table);
+ }
+ });
+
+ },
+
+ makeSortable: function(table) {
+ if (table.getElementsByTagName('thead').length == 0) {
+ // table doesn't have a tHead. Since it should have, create one and
+ // put the first table row in it.
+ the = document.createElement('thead');
+ the.appendChild(table.rows[0]);
+ table.insertBefore(the, table.firstChild);
+ }
+ // Safari doesn't support table.tHead, sigh
+ if (table.tHead == null) table.tHead = table.getElementsByTagName('thead')[0];
+
+ if (table.tHead.rows.length != 1) return; // can't cope with two header rows
+
+ // Sorttable v1 put rows with a class of "sortbottom" at the bottom (as
+ // "total" rows, for example). This is B&R, since what you're supposed
+ // to do is put them in a tfoot. So, if there are sortbottom rows,
+ // for backwards compatibility, move them to tfoot (creating it if needed).
+ sortbottomrows = [];
+ for (var i = 0; i < table.rows.length; i++) {
+ if (table.rows[i].className.search(/\bsortbottom\b/) != -1) {
+ sortbottomrows[sortbottomrows.length] = table.rows[i];
+ }
+ }
+ if (sortbottomrows) {
+ if (table.tFoot == null) {
+ // table doesn't have a tfoot. Create one.
+ tfo = document.createElement('tfoot');
+ table.appendChild(tfo);
+ }
+ for (var i = 0; i < sortbottomrows.length; i++) {
+ tfo.appendChild(sortbottomrows[i]);
+ }
+ delete sortbottomrows;
+ }
+
+ // work through each column and calculate its type
+ headrow = table.tHead.rows[0].cells;
+ for (var i = 0; i < headrow.length; i++) {
+ // manually override the type with a sorttable_type attribute
+ if (!headrow[i].className.match(/\bsorttable_nosort\b/)) { // skip this col
+ mtch = headrow[i].className.match(/\bsorttable_([a-z0-9]+)\b/);
+ if (mtch) {
+ override = mtch[1];
+ }
+ if (mtch && typeof sorttable["sort_" + override] == 'function') {
+ headrow[i].sorttable_sortfunction = sorttable["sort_" + override];
+ } else {
+ headrow[i].sorttable_sortfunction = sorttable.guessType(table, i);
+ }
+ // make it clickable to sort
+ headrow[i].sorttable_columnindex = i;
+ headrow[i].sorttable_tbody = table.tBodies[0];
+ dean_addEvent(headrow[i], "click", function(e) {
+
+ if (this.className.search(/\bsorttable_sorted\b/) != -1) {
+ // if we're already sorted by this column, just
+ // reverse the table, which is quicker
+ sorttable.reverse(this.sorttable_tbody);
+ this.className = this.className.replace('sorttable_sorted',
+ 'sorttable_sorted_reverse');
+ this.removeChild(document.getElementById('sorttable_sortfwdind'));
+ sortrevind = document.createElement('span');
+ sortrevind.id = "sorttable_sortrevind";
+ sortrevind.innerHTML = stIsIE ? '&nbsp<font face="webdings">5</font>' : '&nbsp;&#x25B4;';
+ this.appendChild(sortrevind);
+ return;
+ }
+ if (this.className.search(/\bsorttable_sorted_reverse\b/) != -1) {
+ // if we're already sorted by this column in reverse, just
+ // re-reverse the table, which is quicker
+ sorttable.reverse(this.sorttable_tbody);
+ this.className = this.className.replace('sorttable_sorted_reverse',
+ 'sorttable_sorted');
+ this.removeChild(document.getElementById('sorttable_sortrevind'));
+ sortfwdind = document.createElement('span');
+ sortfwdind.id = "sorttable_sortfwdind";
+ sortfwdind.innerHTML = stIsIE ? '&nbsp<font face="webdings">6</font>' : '&nbsp;&#x25BE;';
+ this.appendChild(sortfwdind);
+ return;
+ }
+
+ // remove sorttable_sorted classes
+ theadrow = this.parentNode;
+ forEach(theadrow.childNodes, function(cell) {
+ if (cell.nodeType == 1) { // an element
+ cell.className = cell.className.replace('sorttable_sorted_reverse', '');
+ cell.className = cell.className.replace('sorttable_sorted', '');
+ }
+ });
+ sortfwdind = document.getElementById('sorttable_sortfwdind');
+ if (sortfwdind) {
+ sortfwdind.parentNode.removeChild(sortfwdind);
+ }
+ sortrevind = document.getElementById('sorttable_sortrevind');
+ if (sortrevind) {
+ sortrevind.parentNode.removeChild(sortrevind);
+ }
+
+ this.className += ' sorttable_sorted';
+ sortfwdind = document.createElement('span');
+ sortfwdind.id = "sorttable_sortfwdind";
+ sortfwdind.innerHTML = stIsIE ? '&nbsp<font face="webdings">6</font>' : '&nbsp;&#x25BE;';
+ this.appendChild(sortfwdind);
+
+ // build an array to sort. This is a Schwartzian transform thing,
+ // i.e., we "decorate" each row with the actual sort key,
+ // sort based on the sort keys, and then put the rows back in order
+ // which is a lot faster because you only do getInnerText once per row
+ row_array = [];
+ col = this.sorttable_columnindex;
+ rows = this.sorttable_tbody.rows;
+ for (var j = 0; j < rows.length; j++) {
+ row_array[row_array.length] = [sorttable.getInnerText(rows[j].cells[col]), rows[j]];
+ }
+ /* If you want a stable sort, uncomment the following line */
+ //sorttable.shaker_sort(row_array, this.sorttable_sortfunction);
+ /* and comment out this one */
+ row_array.sort(this.sorttable_sortfunction);
+
+ tb = this.sorttable_tbody;
+ for (var j = 0; j < row_array.length; j++) {
+ tb.appendChild(row_array[j][1]);
+ }
+
+ delete row_array;
+ });
+ }
+ }
+ },
+
+ guessType: function(table, column) {
+ // guess the type of a column based on its first non-blank row
+ sortfn = sorttable.sort_alpha;
+ for (var i = 0; i < table.tBodies[0].rows.length; i++) {
+ text = sorttable.getInnerText(table.tBodies[0].rows[i].cells[column]);
+ if (text != '') {
+ if (text.match(/^-?[Å$¤]?[\d,.]+%?$/)) {
+ return sorttable.sort_numeric;
+ }
+ // check for a date: dd/mm/yyyy or dd/mm/yy
+ // can have / or . or - as separator
+ // can be mm/dd as well
+ possdate = text.match(sorttable.DATE_RE)
+ if (possdate) {
+ // looks like a date
+ first = parseInt(possdate[1]);
+ second = parseInt(possdate[2]);
+ if (first > 12) {
+ // definitely dd/mm
+ return sorttable.sort_ddmm;
+ } else if (second > 12) {
+ return sorttable.sort_mmdd;
+ } else {
+ // looks like a date, but we can't tell which, so assume
+ // that it's dd/mm (English imperialism!) and keep looking
+ sortfn = sorttable.sort_ddmm;
+ }
+ }
+ }
+ }
+ return sortfn;
+ },
+
+ getInnerText: function(node) {
+ // gets the text we want to use for sorting for a cell.
+ // strips leading and trailing whitespace.
+ // this is *not* a generic getInnerText function; it's special to sorttable.
+ // for example, you can override the cell text with a customkey attribute.
+ // it also gets .value for <input> fields.
+
+ hasInputs = (typeof node.getElementsByTagName == 'function') &&
+ node.getElementsByTagName('input').length;
+
+ if (node.getAttribute("sorttable_customkey") != null) {
+ return node.getAttribute("sorttable_customkey");
+ } else if (typeof node.textContent != 'undefined' && !hasInputs) {
+ return node.textContent.replace(/^\s+|\s+$/g, '');
+ } else if (typeof node.innerText != 'undefined' && !hasInputs) {
+ return node.innerText.replace(/^\s+|\s+$/g, '');
+ } else if (typeof node.text != 'undefined' && !hasInputs) {
+ return node.text.replace(/^\s+|\s+$/g, '');
+ } else {
+ switch (node.nodeType) {
+ case 3:
+ if (node.nodeName.toLowerCase() == 'input') {
+ return node.value.replace(/^\s+|\s+$/g, '');
+ }
+ case 4:
+ return node.nodeValue.replace(/^\s+|\s+$/g, '');
+ break;
+ case 1:
+ case 11:
+ var innerText = '';
+ for (var i = 0; i < node.childNodes.length; i++) {
+ innerText += sorttable.getInnerText(node.childNodes[i]);
+ }
+ return innerText.replace(/^\s+|\s+$/g, '');
+ break;
+ default:
+ return '';
+ }
+ }
+ },
+
+ reverse: function(tbody) {
+ // reverse the rows in a tbody
+ newrows = [];
+ for (var i = 0; i < tbody.rows.length; i++) {
+ newrows[newrows.length] = tbody.rows[i];
+ }
+ for (var i = newrows.length - 1; i >= 0; i--) {
+ tbody.appendChild(newrows[i]);
+ }
+ delete newrows;
+ },
+
+ /* sort functions
+ each sort function takes two parameters, a and b
+ you are comparing a[0] and b[0] */
+ sort_numeric: function(a, b) {
+ aa = parseFloat(a[0].replace(/[^0-9.-]/g, ''));
+ if (isNaN(aa)) aa = 0;
+ bb = parseFloat(b[0].replace(/[^0-9.-]/g, ''));
+ if (isNaN(bb)) bb = 0;
+ return aa - bb;
+ },
+ sort_alpha: function(a, b) {
+ if (a[0] == b[0]) return 0;
+ if (a[0] < b[0]) return -1;
+ return 1;
+ },
+ sort_ddmm: function(a, b) {
+ mtch = a[0].match(sorttable.DATE_RE);
+ y = mtch[3];
+ m = mtch[2];
+ d = mtch[1];
+ if (m.length == 1) m = '0' + m;
+ if (d.length == 1) d = '0' + d;
+ dt1 = y + m + d;
+ mtch = b[0].match(sorttable.DATE_RE);
+ y = mtch[3];
+ m = mtch[2];
+ d = mtch[1];
+ if (m.length == 1) m = '0' + m;
+ if (d.length == 1) d = '0' + d;
+ dt2 = y + m + d;
+ if (dt1 == dt2) return 0;
+ if (dt1 < dt2) return -1;
+ return 1;
+ },
+ sort_mmdd: function(a, b) {
+ mtch = a[0].match(sorttable.DATE_RE);
+ y = mtch[3];
+ d = mtch[2];
+ m = mtch[1];
+ if (m.length == 1) m = '0' + m;
+ if (d.length == 1) d = '0' + d;
+ dt1 = y + m + d;
+ mtch = b[0].match(sorttable.DATE_RE);
+ y = mtch[3];
+ d = mtch[2];
+ m = mtch[1];
+ if (m.length == 1) m = '0' + m;
+ if (d.length == 1) d = '0' + d;
+ dt2 = y + m + d;
+ if (dt1 == dt2) return 0;
+ if (dt1 < dt2) return -1;
+ return 1;
+ },
+
+ shaker_sort: function(list, comp_func) {
+ // A stable sort function to allow multi-level sorting of data
+ // see: http://en.wikipedia.org/wiki/Cocktail_sort
+ // thanks to Joseph Nahmias
+ var b = 0;
+ var t = list.length - 1;
+ var swap = true;
+
+ while (swap) {
+ swap = false;
+ for (var i = b; i < t; ++i) {
+ if (comp_func(list[i], list[i + 1]) > 0) {
+ var q = list[i];
+ list[i] = list[i + 1];
+ list[i + 1] = q;
+ swap = true;
+ }
+ } // for
+ t--;
+
+ if (!swap) break;
+
+ for (var i = t; i > b; --i) {
+ if (comp_func(list[i], list[i - 1]) < 0) {
+ var q = list[i];
+ list[i] = list[i - 1];
+ list[i - 1] = q;
+ swap = true;
+ }
+ } // for
+ b++;
+
+ } // while(swap)
+ }
}
/* ******************************************************************
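Review bot: The numeric-detection regex in `guessType` changed from `[£$¤]` to `[Å$¤]` in what is otherwise a whitespace-only reindent, which looks like an encoding mishap when the file was re-saved. With the new character class a cell such as "£1,234" no longer matches, so the column falls back to `sort_alpha`, while a leading "Å" is now accepted as a currency prefix. Restore the original line, `if (text.match(/^-?[£$¤]?[\d,.]+%?$/)) {`, and keep the file in UTF-8, or write the two non-ASCII characters as `\u00A3` and `\u00A4` so a later re-encode cannot alter them.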
@@ -339,7 +351,7 @@ sorttable = {
/* for Mozilla/Opera9 */
if (document.addEventListener) {
- document.addEventListener("DOMContentLoaded", sorttable.init, false);
+ document.addEventListener("DOMContentLoaded", sorttable.init, false);
}
/* for Internet Explorer */
@@ -356,11 +368,11 @@ if (document.addEventListener) {
/* for Safari */
if (/WebKit/i.test(navigator.userAgent)) { // sniff
- var _timer = setInterval(function() {
- if (/loaded|complete/.test(document.readyState)) {
- sorttable.init(); // call the onload handler
- }
- }, 10);
+ var _timer = setInterval(function() {
+ if (/loaded|complete/.test(document.readyState)) {
+ sorttable.init(); // call the onload handler
+ }
+ }, 10);
}
/* for other browsers */
@@ -434,7 +446,7 @@ fixEvent.preventDefault = function() {
this.returnValue = false;
};
fixEvent.stopPropagation = function() {
- this.cancelBubble = true;
+ this.cancelBubble = true;
}
// Dean's forEach: http://dean.edwards.name/base/forEach.js
@@ -490,4 +502,3 @@ var forEach = function(object, block, context) {
resolve.forEach(object, block, context);
}
};
-
diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml
index 354d9991..9ae141e5 100755
--- a/config/sarg/sarg_sync.xml
+++ b/config/sarg/sarg_sync.xml
@@ -1,48 +1,48 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- sarg_sync.xml
- part of the sarg package for pfSense
- Copyright (C) 2012 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
+ sarg_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>sargsync</name>
- <version>1.0</version>
+ <version>0.6.5</version>
<title>Status: Sarg Sync</title>
<include_file>/usr/local/pkg/sarg.inc</include_file>
<tabs>
@@ -75,16 +75,16 @@
<text>Help</text>
<url>/sarg_about.php</url>
</tab>
-</tabs>
+ </tabs>
<fields>
<field>
<name>XMLRPC Sync</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync sarg configuration changes</fielddescr>
+ <fielddescr>Automatically Sync Sarg Configuration Changes.</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for sarg.</description>
+ <description>Select a sync method for Sarg.</description>
<type>select</type>
<required/>
<default_value>auto</default_value>
@@ -95,14 +95,14 @@
</options>
</field>
<field>
- <fielddescr>Sync timeout</fielddescr>
+ <fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
<description>Select sync max wait time</description>
<type>select</type>
<required/>
<default_value>250</default_value>
<options>
- <option><name>250 seconds(Default)</name><value>250</value></option>
+ <option><name>250 seconds (default)</name><value>250</value></option>
<option><name>120 seconds</name><value>120</value></option>
<option><name>90 seconds</name><value>90</value></option>
<option><name>60 seconds</name><value>60</value></option>
@@ -114,32 +114,26 @@
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>IP Address of remote server</description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Password for remote server.</description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
- <custom_php_install_command>
- sarg_php_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- sarg_php_deinstall_command();
- </custom_php_deinstall_command>
<custom_php_validation_command>
sarg_validate_input($_POST, $input_errors);
- </custom_php_validation_command>
+ </custom_php_validation_command>
<custom_php_resync_config_command>
sarg_resync();
</custom_php_resync_config_command>
diff --git a/config/sarg/sarg_users.xml b/config/sarg/sarg_users.xml
index 39387007..92d46dd1 100644
--- a/config/sarg/sarg_users.xml
+++ b/config/sarg/sarg_users.xml
@@ -1,49 +1,48 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- sarg_users.xml
- part of the sarg for pfSense
- Copyright (C) 2012 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ sarg_users.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>sarguser</name>
- <version>1.0</version>
+ <version>0.6.5</version>
<title>Status: Sarg User Settings</title>
<include_file>/usr/local/pkg/sarg.inc</include_file>
<tabs>
@@ -76,7 +75,7 @@
<text>Help</text>
<url>/sarg_about.php</url>
</tab>
-</tabs>
+ </tabs>
<fields>
<field>
<name>User Settings</name>
@@ -85,134 +84,171 @@
<field>
<fielddescr>User Sort Field</fielddescr>
<fieldname>user_sort_field</fieldname>
- <description><![CDATA[Sort field for the User Report.]]></description>
- <type>select</type>
- <options>
- <option><name>BYTES(default)</name><value>BYTES</value></option>
+ <description>Select the sort field for the User Report.</description>
+ <type>select</type>
+ <options>
+ <option><name>BYTES (default)</name><value>BYTES</value></option>
<option><name>SITE normal</name><value>SITE</value></option>
<option><name>CONNECT</name><value>CONNECT</value></option>
<option><name>TIME</name><value>TIME</value></option>
- </options>
+ </options>
+ <default_value>BYTES</default_value>
</field>
<field>
- <fielddescr>Ntlm User Format</fielddescr>
+ <fielddescr>NTLM Users Format</fielddescr>
<fieldname>ntlm_user_format</fieldname>
- <description><![CDATA[NTLM users format]]></description>
+ <description>Select NTLM username format.</description>
<type>select</type>
<options>
- <option><name>domainname+username (default)</name><value>domainname+username</value></option>
- <option><name>username</name><value>user</value></option>
+ <option><name>domainname+username (default)</name><value>domainname+username</value></option>
+ <option><name>username</name><value>user</value></option>
</options>
+ <default_value>domainname+username</default_value>
</field>
<field>
- <fielddescr>Exclude users</fielddescr>
+ <fielddescr>Exclude Users</fielddescr>
<fieldname>exclude_userlist</fieldname>
- <description><![CDATA[Users within the file will be excluded from reports.<br>
- You can use indexonly to have only index.html file.<br>
- <strong>Format: one user per line.</strong>]]></description>
+ <description>
+ <![CDATA[
+ Users within the file will be excluded from reports.<br />
+ <strong>Format: One user per line.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>70</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Include users</fielddescr>
+ <fielddescr>Include Users</fielddescr>
<fieldname>include_userlist</fieldname>
- <description><![CDATA[Reports will be generated only for listed users.<br>
- <strong>Format: user1:user2:...:usern</strong>]]></description>
+ <description>
+ <![CDATA[
+ Reports will be generated only for listed users.<br />
+ <strong>Format: user1:user2:...:userN</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
</field>
<field>
- <fielddescr>Users association</fielddescr>
+ <fielddescr>Users Association</fielddescr>
<fieldname>usertab</fieldname>
- <description><![CDATA[You can change the "userid" or the "ip address" to be a real user name on the reports.<br>
- If resolve_ip is active, the ip address is resolved before being looked up into this file.<br>
- That is, if you want to map the ip address, be sure to set resolv_ip to no or the resolved name will be looked into the file instead of the ip address.<br>
- Note that it can be used to resolve any ip address known to the dns and then map the unresolved ip addresses to a name found in the usertab file.<br>
- <strong>Table syntax: userid name or ip address name</strong><br>
- Eg:<br>SirIsaac Isaac Newton<br>
- vinci Leonardo da Vinci<br>
- 192.168.10.1 Karol Wojtyla]]></description>
+ <description>
+ <![CDATA[
+ You can change the "userid" or the "IP address" to be a real user name on the reports.<br />
+ If 'Convert IP address to DNS name' is active, the IP address is resolved before being looked up into this file.<br />
+ That is, if you want to map the IP address, be sure to set resolv_ip to no or the resolved name will be looked into the file instead of the IP address.<br />
+ Note that it can be used to resolve any IP address known to the dns and then map the unresolved IP addresses to a name found in the usertab file.<br />
+ <strong>Table syntax: 'userid name' or 'IP_address name'</strong><br /><br />
+ <strong>Examples:</strong><br />
+ SirIsaac Isaac Newton<br />
+ vinci Leonardo da Vinci<br />
+ 192.168.10.1 Karol Wojtyla
+ ]]>
+ </description>
<type>textarea</type>
<cols>70</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
- <name>Ldap Settings</name>
+ <name>LDAP Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable LDAP search</fielddescr>
+ <fielddescr>Enable LDAP Search</fielddescr>
<fieldname>ldap_enable</fieldname>
- <description><![CDATA[Enable LDAP search for username replacement based on active directory info.<br>
- This option is usefull to show full usernames in sarg reports instead of user logins.]]></description>
+ <description>
+ <![CDATA[
+ Enable LDAP search for username replacement based on Active Directory information.<br />
+ This option is useful to show full usernames in Sarg reports instead of user logins.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>LDAP Hostname</fielddescr>
<fieldname>ldap_host</fieldname>
- <description><![CDATA[FQDN or IP address of host with LDAP service or AD DC]]></description>
+ <description>FQDN or IP address of host with LDAP service or AD DC.</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>LDAP Port</fielddescr>
<fieldname>ldap_port</fieldname>
- <description><![CDATA[LDAP service port number.<br>Default is 389]]></description>
+ <description>
+ <![CDATA[
+ LDAP service port number.<br />
+ Default: 389
+ ]]>
+ </description>
<type>input</type>
<size>10</size>
+ <default_value>389</default_value>
</field>
<field>
- <fielddescr>LDAP Bind DN</fielddescr>
+ <fielddescr>LDAP Bind User DN</fielddescr>
<fieldname>ldap_bind_dn</fieldname>
- <description><![CDATA[DN of LDAP user, who is authorized to read user's names from LDAP base.<br>
- Sample: CN=username,OU=group,DC=mydomain,DC=com<br>]]></description>
+ <description>
+ <![CDATA[
+ DN of the LDAP user who is authorized to the search the LDAP database.<br />
+ <strong>Example:</strong> CN=username,OU=group,DC=mydomain,DC=com<br />
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>LDAP Bind Password</fielddescr>
<fieldname>ldap_bind_pw</fieldname>
- <description><![CDATA[LDAPBindPW secret Password of DN, who is authorized to read user's names from LDAP base.]]></description>
+ <description>Input the password for 'LDAP Bind User DN' specified above.</description>
<type>password</type>
- <size>10</size>
+ <size>20</size>
</field>
<field>
- <fielddescr>LDAP Base Search</fielddescr>
+ <fielddescr>LDAP Search Base DN</fielddescr>
<fieldname>ldap_base_search</fieldname>
- <description><![CDATA[LDAP search base.<br>
- Sample: OU=users,DC=mydomain,DC=com]]></description>
+ <description>
+ <![CDATA[
+ Specify the LDAP search base DN. The search base is the place in the hierarchical LDAP structure where the search for user accounts starts.<br />
+ <strong>Example:</strong> OU=users,DC=mydomain,DC=com
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>LDAP filter Search</fielddescr>
+ <fielddescr>LDAP Search Filter</fielddescr>
<fieldname>ldap_filter_search</fieldname>
- <description><![CDATA[LDAPFilterSearch (uid=%s)<br>
- User search filter by user's logins in LDAP. First founded record will be used.<br>
- %s - will be changed to userlogins from access.log file filter string can have up to 5 '%s' tags.<br>
- Default value is '(uid=%s)']]></description>
+ <description>
+ <![CDATA[
+ Use this to filter the user login entries to be returned for a search operation in LDAP. First found record will be used.<br />
+ %s - will be changed to user logins from access.log file filter. Search filter string can have up to 5 '%s' tags.<br />
+ Default value: '(uid=%s)'
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
+ <default_value>(uid=%s)</default_value>
</field>
<field>
- <fielddescr>LDAP Target Attribute</fielddescr>
+ <fielddescr>LDAP Username DN Attribute</fielddescr>
<fieldname>ldap_target_attr</fieldname>
- <description><![CDATA[Name of the attribute containing a name of the user<br>
- Default value is 'cn']]></description>
+ <description>
+ <![CDATA[
+ Name of the attribute containing the login name of the user<br />
+ Default value is 'cn'. For Active Directory, use 'sAMAccountName'.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
+ <default_value>cn</default_value>
</field>
</fields>
- <custom_php_install_command>
- </custom_php_install_command>
- <custom_php_deinstall_command>
- </custom_php_deinstall_command>
<custom_php_validation_command>
sarg_validate_input($_POST, $input_errors);
- </custom_php_validation_command>
+ </custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_sarg();
</custom_php_resync_config_command>
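Review bot: The new 'LDAP Bind User DN' description contains a stray word ("authorized to the search the LDAP database"). Neither it nor the 'LDAP Bind Password' text says what kind of account should be entered. The port field now defaults to 389 and nothing in this form selects TLS, so it is worth steering admins toward a low-privilege account; I would word the line as `DN of a dedicated, read-only LDAP account that is allowed to search the LDAP database.<br />`. How the bind password is stored and sent is decided in sarg.inc, which is not part of this hunk, so that should be confirmed there.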
diff --git a/config/servicewatchdog/services_servicewatchdog.php b/config/servicewatchdog/services_servicewatchdog.php
index 6c91b98e..7fede37b 100644
--- a/config/servicewatchdog/services_servicewatchdog.php
+++ b/config/servicewatchdog/services_servicewatchdog.php
@@ -1,7 +1,9 @@
<?php
/*
services_servicewatchdog.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -78,7 +80,8 @@ if (isset($_POST['Update'])) {
}
}
}
- } else { /* No notifies selected, remove them all. */
+ } else {
+ /* No notifies selected, remove them all. */
foreach ($a_pwservices as $idx => $thisservice) {
unset($a_pwservices[$idx]['notify']);
}
@@ -201,15 +204,15 @@ $nservices = $i = 0;
foreach ($a_pwservices as $thisservice):
?>
<tr valign="top" id="fr<?=$nservices;?>">
- <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onClick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
- <td class="listlr"><input type="checkbox" id="notify<?=$nservices;?>" name="notifies[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;" <?PHP if (isset($thisservice['notify'])) echo 'checked="CHECKED"';?>/></td>
+ <td class="listt"><input type="checkbox" id="frc<?=$nservices;?>" name="pwservices[]" value="<?=$i;?>" onclick="fr_bgcolor('<?=$nservices;?>')" style="margin: 0; padding: 0; width: 15px; height: 15px;" /></td>
+ <td class="listlr"><input type="checkbox" id="notify<?=$nservices;?>" name="notifies[]" value="<?=$i;?>" style="margin: 0; padding: 0; width: 15px; height: 15px;" <?PHP if (isset($thisservice['notify'])) echo 'checked="checked"';?>/></td>
<td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';">
<?=$thisservice['name'];?>
</td>
<td class="listr" onclick="fr_toggle(<?=$nservices;?>)" id="frd<?=$nservices;?>" ondblclick="document.location='services_servicewatchdog_add.php?id=<?=$nservices;?>';">
<?=$thisservice['description'];?>
</td>
- <td valign="middle" class="list" nowrap>
+ <td valign="middle" class="list" nowrap="nowrap">
<table border="0" cellspacing="0" cellpadding="1" summary="add">
<tr>
<td><input onmouseover="fr_insline(<?=$nservices;?>, true)" onmouseout="fr_insline(<?=$nservices;?>, false)" name="move_<?=$i;?>" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" title="<?=gettext("move selected services before this service");?>" height="17" type="image" width="17" border="0" /></td>
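Review bot: The two cells that print `<?=$thisservice['name'];?>` and `<?=$thisservice['description'];?>` emit the values without HTML escaping, and this markup clean-up leaves them that way. If a service name or description can carry text that was not authored by pfSense itself (the add page fills the description from package metadata), it is rendered as markup in the admin GUI. I would change them to `<?=htmlspecialchars($thisservice['name']);?>` and `<?=htmlspecialchars($thisservice['description']);?>`. The enclosing foreach body starts before and continues past this hunk.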
@@ -225,7 +228,7 @@ endforeach;
?>
<tr>
<td class="list" colspan="4"></td>
- <td class="list" valign="middle" nowrap>
+ <td class="list" valign="middle" nowrap="nowrap">
<table border="0" cellspacing="0" cellpadding="1" summary="add">
<tr>
<td><?php if ($nservices == 0): ?><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_left_d.gif" width="17" height="17" title="<?=gettext("move selected services to end"); ?>" border="0" alt="move" /><?php else: ?><input name="move_<?=$i;?>" type="image" src="/themes/<?= $g['theme']; ?>/images/icons/icon_left.gif" width="17" height="17" title="<?=gettext("move selected services to end");?>" border="0" alt="move" /><?php endif; ?></td>
diff --git a/config/servicewatchdog/services_servicewatchdog_add.php b/config/servicewatchdog/services_servicewatchdog_add.php
index 10f24797..976881c9 100644
--- a/config/servicewatchdog/services_servicewatchdog_add.php
+++ b/config/servicewatchdog/services_servicewatchdog_add.php
@@ -1,7 +1,9 @@
<?php
/*
services_servicewatchdog_add.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -54,8 +56,9 @@ $system_services = get_services();
unset($input_errors);
if ($_POST) {
- if (!is_numeric($_POST['svcid']))
+ if (!is_numeric($_POST['svcid'])) {
return;
+ }
if (!isset($system_services[$_POST['svcid']])) {
$input_errors[] = gettext("The supplied service appears to be invalid.");
@@ -93,7 +96,7 @@ include("head.inc");
<td width="22%" valign="top" class="vncell"><?=gettext("Service to Add:"); ?></td>
<td width="78%" class="vtable">
<select name="svcid" class="formselect" id="svcid">
-<?php $i=0;
+<?php $i = 0;
foreach ($system_services as $svc): ?>
<?php if (!servicewatchdog_is_service_watched($svc)): ?>
<?php $svc['description'] = empty($svc['description']) ? get_pkg_descr($svc['name']) : $svc['description']; ?>
diff --git a/config/servicewatchdog/servicewatchdog.inc b/config/servicewatchdog/servicewatchdog.inc
index 817b92e0..7fd9bf5d 100644
--- a/config/servicewatchdog/servicewatchdog.inc
+++ b/config/servicewatchdog/servicewatchdog.inc
@@ -1,4 +1,32 @@
<?php
+/*
+ servicewatchdog.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require_once("config.inc");
require_once("services.inc");
require_once("service-utils.inc");
diff --git a/config/servicewatchdog/servicewatchdog.xml b/config/servicewatchdog/servicewatchdog.xml
index 5a1aebbb..34ff84ec 100644
--- a/config/servicewatchdog/servicewatchdog.xml
+++ b/config/servicewatchdog/servicewatchdog.xml
@@ -3,24 +3,29 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
-/* ========================================================================== */
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
servicewatchdog.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -32,15 +37,14 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
]]>
</copyright>
<description>Service Watchdog</description>
- <requirements>None</requirements>
<faq>Monitors for stopped services and restarts them.</faq>
<name>Service Watchdog</name>
- <version>1.7</version>
+ <version>1.7.1</version>
<title>Services: Service Watchdog</title>
<include_file>/usr/local/pkg/servicewatchdog.inc</include_file>
<menu>
@@ -51,12 +55,10 @@
</menu>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>644</chmod>
<item>https://packages.pfsense.org/packages/config/servicewatchdog/services_servicewatchdog.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>644</chmod>
<item>https://packages.pfsense.org/packages/config/servicewatchdog/services_servicewatchdog_add.php</item>
</additional_files_needed>
<additional_files_needed>
@@ -66,7 +68,6 @@
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>644</chmod>
<item>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.inc</item>
</additional_files_needed>
<custom_php_install_command>
diff --git a/config/servicewatchdog/servicewatchdog_cron.php b/config/servicewatchdog/servicewatchdog_cron.php
index 9979917e..5e15e8cb 100644
--- a/config/servicewatchdog/servicewatchdog_cron.php
+++ b/config/servicewatchdog/servicewatchdog_cron.php
@@ -1,14 +1,46 @@
#!/usr/local/bin/php -f
<?php
+/*
+ servicewatchdog_cron.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require_once("globals.inc");
require_once("servicewatchdog.inc");
global $g;
/* Do nothing at bootup. */
-if ($g['booting'] || file_exists("{$g['varrun_path']}/booting")) {
+if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
+ }
+} elseif ($g['booting']) {
return;
}
servicewatchdog_check_services();
-?> \ No newline at end of file
+?>
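Review bot: The fallback branch for systems without platform_booting() now tests only `$g['booting']`, whereas the removed line also checked the `{$g['varrun_path']}/booting` marker file. Whether `$g['booting']` is ever set in a process started by cron is not visible here, so on those older systems the watchdog may start restarting services while boot is still in progress. Reading the key when it is unset also raises a notice. I would keep the marker check in the fallback: `} elseif (!empty($g['booting']) || file_exists("{$g['varrun_path']}/booting")) {`.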
diff --git a/config/shellcmd/shellcmd.inc b/config/shellcmd/shellcmd.inc
index 04cbf3d6..113b645c 100644
--- a/config/shellcmd/shellcmd.inc
+++ b/config/shellcmd/shellcmd.inc
@@ -1,14 +1,11 @@
<?php
-/* $Id$ */
-/*
-/* ========================================================================== */
-/*
- shellcmd.inc
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
- */
-/* ========================================================================== */
/*
+ shellcmd.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Mark J Crane
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -30,58 +27,278 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+function shellcmd_install_command() {
+ global $config;
+
+ /* Remove garbage left over by previous broken package versions */
+ unlink_if_exists("/usr/local/etc/rc.d/shellcmd.sh");
+ if (is_dir("/usr/local/www/packages/shellcmd")) {
+ mwexec("/bin/rm -rf /usr/local/www/packages/shellcmd/");
+ }
+
+ shellcmd_import_config();
+ shellcmd_sync_package();
+
+}
+
-require_once("services.inc");
-
-if (!function_exists("pkg_is_service_running")) {
- function pkg_is_service_running($servicename)
- {
- exec("/bin/ps ax | awk '{ print $5 }'", $psout);
- array_shift($psout);
- foreach($psout as $line) {
- $ps[] = trim(array_pop(explode(' ', array_pop(explode('/', $line)))));
- }
- if(is_service_running($servicename, $ps) or is_process_running($servicename) ) {
- return true;
- }
- else {
- return false;
- }
+function shellcmd_delete_php_command() {
+ global $config;
+
+ /* When 'Delete item' is clicked in Shellcmd Settings */
+ if ($_GET['act'] == "del") {
+
+ /* System earlyshellcmd commands */
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!is_array($a_earlyshellcmd)) {
+ $a_earlyshellcmd = array();
+ }
+ /* Shellcmd package commands */
+ $a_shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($a_shellcmd_config)) {
+ $a_shellcmd_config = array();
+ }
+
+ /* First check for a couple of special cases that we do NOT want deleted */
+ /* TODO: Create a function for these checks */
+ $pkg = '';
+ /* pfBlockerNG - function to restore archived aliastables on nanobsd (see pfblockerng.inc) */
+ $pfbcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh";
+ /* If the entry exists in system config ... */
+ if (in_array($pfbcmd, $a_earlyshellcmd)) {
+ $cnta = 0;
+ /* ... but does not exist in package config ... */
+ foreach ($a_shellcmd_config as $item => $value) {
+ if (in_array($pfbcmd, $value)) {
+ $cnta++;
+ }
+ }
+ /* ... the user has deleted this protected entry. */
+ if ($cnta === 0) {
+ $pkg .= "[pfBlockerNG]";
+ /* Force reimport. */
+ shellcmd_forced_restore($pkg);
+ }
+ }
+ /* System Patches auto-apply patch feature (see patches.inc) */
+ $spcmd = "/usr/local/bin/php -f /usr/local/bin/apply_patches.php";
+ if (in_array($spcmd, $a_earlyshellcmd)) {
+ $cntb = 0;
+ foreach ($a_shellcmd_config as $item => $value) {
+ if (in_array($spcmd, $value)) {
+ $cntb++;
+ }
+ }
+ if ($cntb === 0) {
+ $pkg .= "[System Patches]";
+ shellcmd_forced_restore($pkg);
+ }
+ }
+
+ /* Otherwise, sync package and system configuration normally */
+ shellcmd_sync_package();
}
}
-function shellcmd_sync_package()
-{
- global $config;
- //synch shellcmd tab
- //configure_shellcmd();
- //$handle = popen("/usr/local/etc/rc.d/shellcmd.sh stop", "r");
- //pclose($handle);
- //$handle = popen("/usr/local/etc/rc.d/shellcmd.sh start", "r");
- //pclose($handle);
+/* Force restore of protected (early)shellcmds from system config */
+function shellcmd_forced_restore($pkg) {
+ log_error("[shellcmd] Refused to delete {$pkg} earlyshellcmd. Use {$pkg} to configure this entry.");
+ shellcmd_import_config();
+ write_config("[shellcmd] Restore of {$pkg} earlyshellcmd forced.");
+ /* Send the user back to settings */
+ header("Location: pkg.php?xml=shellcmd.xml");
+ exit;
}
-
-function shellcmd_install_command()
-{
+function shellcmd_sync_package() {
global $config;
conf_mount_rw();
- shellcmd_sync_package();
- conf_mount_ro();
+
+ $cmd = '';
+ $cmdtype = '';
+ $a_shellcmd = array();
+ $a_earlyshellcmd = array();
+ /* afterfilterchangeshellcmd is NOT treated as an array, it's a string! */
+ /* See /etc/inc/xmlparse.inc and /etc/inc/xmlreader.inc */
+ $afterfilterchangeshellcmd = '';
+ $a_shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($a_shellcmd_config)) {
+ $a_shellcmd_config = array();
+ }
+ $i = 0;
+ /* When an item is added to shellcmd package configuration, make sure */
+ /* we add corresponding entry to $config['system'] as well */
+ foreach ($a_shellcmd_config as $item) {
+ /* Get the command from package configuration here */
+ $cmd = $a_shellcmd_config[$i]['cmd'];
+ /* Lets see what type of command we are adding first... */
+ $cmdtype = $a_shellcmd_config[$i]['cmdtype'];
+ /* shellcmd */
+ if ($cmdtype == "shellcmd") {
+ $a_shellcmd[] = $cmd;
+ $i++;
+ /* earlyshellcmd */
+ } elseif ($cmdtype == "earlyshellcmd") {
+ $a_earlyshellcmd[] = $cmd;
+ $i++;
+ /* afterfilterchangeshellcmd */
+ } elseif ($cmdtype == "afterfilterchangeshellcmd") {
+ $afterfilterchangeshellcmd = $cmd;
+ $i++;
+ /* Either disabled, or possibly someone messing with config.xml manually?! */
+ } else {
+ $i++;
+ }
+ }
+
+ /* Write the new system configuration to config.xml from scratch when done */
+ unset($config['system']['shellcmd']);
+ $config['system']['shellcmd'] = $a_shellcmd;
+ unset($config['system']['earlyshellcmd']);
+ $config['system']['earlyshellcmd'] = $a_earlyshellcmd;
+ unset($config['system']['afterfilterchangeshellcmd']);
+ $config['system']['afterfilterchangeshellcmd'] = $afterfilterchangeshellcmd;
+ write_config("[shellcmd] Successfully (re)synced shellcmd configuration.");
}
-function shellcmd_deinstall_command()
-{
+function shellcmd_import_config() {
+ global $config;
- conf_mount_rw();
- $handle = popen("/usr/local/etc/rc.d/shellcmd.sh stop", "r");
- //unlink_if_exists("/usr/local/etc/rc.d/shellcmd.sh");
- conf_mount_ro();
+ $shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($shellcmd_config)) {
+ $shellcmd_config = array();
+ }
+
+ $i = 0;
+
+ /* First, preserve any disabled items */
+ $a_shellcmd_config = &$shellcmd_config;
+ foreach ($a_shellcmd_config as $item => $value) {
+ $cmd = $value['cmd'];
+ $cmdtype = $value['cmdtype'];
+ $description = $value['description'];
+ if ($cmdtype == "disabled") {
+ $shellcmd_config[$i]['cmd'] = $cmd;
+ $shellcmd_config[$i]['cmdtype'] = "disabled";
+ $shellcmd_config[$i]['description'] = $description ?: "Imported disabled item ({$i})";
+ $i++;
+ }
+ }
+
+ /* Import earlyshellcmd entries which were either created by previous package versions, */
+ /* or manually, or added by some other package(s) (if there are any in config.xml) */
+ /* Two currently known special cases are handled here - System Patches and pfBlockerNG */
+ if (is_array($config['system']['earlyshellcmd'])) {
+ $earlyshellcmds = &$config['system']['earlyshellcmd'];
+ $pfbcmd = "/usr/local/pkg/pfblockerng/pfblockerng.sh";
+ $spcmd = "/usr/local/bin/php -f /usr/local/bin/apply_patches.php";
+ foreach ($earlyshellcmds as $earlyshellcmd) {
+ /* pfBlockerNG - function to restore archived aliastables on nanobsd (see pfblockerng.inc) */
+ if (stristr($earlyshellcmd, "{$pfbcmd}")) {
+ $shellcmd_config[$i]['cmd'] = $earlyshellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "earlyshellcmd";
+ $shellcmd_config[$i]['description'] = "pfBlockerNG default earlyshellcmd. DO NOT EDIT/DELETE!";
+ $i++;
+ /* System Patches auto-apply patch feature (see patches.inc) */
+ } elseif (stristr($earlyshellcmd, "{$spcmd}")) {
+ $shellcmd_config[$i]['cmd'] = $earlyshellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "earlyshellcmd";
+ $shellcmd_config[$i]['description'] = "System Patches default earlyshellcmd. DO NOT EDIT/DELETE!";
+ $i++;
+ /* Other manually added earlyshellcmd entries */
+ } else {
+ $shellcmd_config[$i]['cmd'] = $earlyshellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "earlyshellcmd";
+ $shellcmd_config[$i]['description'] = $shellcmd_config[$i]['description'] ?: "Imported earlyshellcmd ({$i})";
+ $i++;
+ }
+
+ }
+ }
+ /* Import shellcmd entries which were created manually (if there are any in config.xml) */
+ if (is_array($config['system']['shellcmd'])) {
+ $shellcmds = &$config['system']['shellcmd'];
+ foreach ($shellcmds as $shellcmd) {
+ $shellcmd_config[$i]['cmd'] = $shellcmd;
+ $shellcmd_config[$i]['cmdtype'] = "shellcmd";
+ $shellcmd_config[$i]['description'] = $shellcmd_config[$i]['description'] ?: "Imported shellcmd ({$i})";
+ $i++;
+ }
+ }
+
+ /* Import afterfilterchangeshellcmd entry which was created manually (if there is any in config.xml) */
+ /* afterfilterchangeshellcmd is NOT treated as an array, it's a string! See /etc/inc/xmlparse.inc and /etc/inc/xmlreader.inc */
+ if ($config['system']['afterfilterchangeshellcmd'] != '') {
+ $shellcmd_config[$i]['cmd'] = $config['system']['afterfilterchangeshellcmd'];
+ $shellcmd_config[$i]['cmdtype'] = "afterfilterchangeshellcmd";
+ $shellcmd_config[$i]['description'] = $shellcmd_config[$i]['description'] ?: "Imported afterfilterchangeshellcmd";
+ $i++;
+ }
+
+ /* Write the new config.xml when import is finished */
+ write_config("[shellcmd] Successfully imported package configuration from config.xml.");
+
+}
+
+function shellcmd_validate_input($post, &$input_errors) {
+ global $config;
+ $a_shellcmd = &$config['system']['shellcmd'];
+ if (!is_array($a_shellcmd)) {
+ $a_shellcmd = array();
+ }
+ $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
+ if (!is_array($a_earlyshellcmd)) {
+ $a_earlyshellcmd = array();
+ }
+ $a_shellcmd_config = &$config['installedpackages']['shellcmdsettings']['config'];
+ if (!is_array($a_shellcmd_config)) {
+ $a_shellcmd_config = array();
+ }
+ /* afterfilterchangeshellcmd is NOT an array */
+ $afterfilterchangeshellcmd = $config['system']['afterfilterchangeshellcmd'];
+
+ /* Make sure we don't add the same command twice as it's just pointless */
+ if (($post['cmd']) != '') {
+ $id = $post['id'];
+ if ($post['cmdtype'] == "shellcmd") {
+ if (in_array($post['cmd'], $a_shellcmd)) {
+ /* Allow changing description */
+ if ((($post['cmd']) == $a_shellcmd_config[$id]['cmd']) && (($post['cmdtype']) == $a_shellcmd_config[$id]['cmdtype'])) {
+ return;
+ } else {
+ $input_errors[] = "{$post['cmd']} already exists as shellcmd.";
+ }
+ }
+ }
+ if ($post['cmdtype'] == "earlyshellcmd") {
+ if (in_array($post['cmd'], $a_earlyshellcmd)) {
+ /* Allow changing description */
+ if ((($post['cmd']) == $a_shellcmd_config[$id]['cmd']) && (($post['cmdtype']) == $a_shellcmd_config[$id]['cmdtype'])) {
+ return;
+ } else {
+ $input_errors[] = "{$post['cmd']} already exists as earlyshellcmd.";
+ }
+ }
+ }
+ /* Only ONE item of this type may be configured */
+ if ($post['cmdtype'] == "afterfilterchangeshellcmd") {
+ // Not yet configured, OK
+ if ($afterfilterchangeshellcmd == '') {
+ return;
+ // Allow changing description
+ } elseif ((($post['cmd']) == $a_shellcmd_config[$id]['cmd']) && (($post['cmdtype']) == $a_shellcmd_config[$id]['cmdtype'])) {
+ return;
+ // Tired of input validation... Needs something better in future.
+ } else {
+ $input_errors[] = "Only ONE afterfilterchangeshellcmd may be configured! Delete the existing entry and try again!";
+ }
+ }
+ }
}
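Review bot: The new shellcmd_sync_package() keeps the `conf_mount_rw();` call but never calls conf_mount_ro(); the only `conf_mount_ro();` lines in this hunk are on the removed side. On platforms where that call matters, the configuration filesystem is left writable after every sync. I would add `conf_mount_ro();` after the final write_config() in that function. Separately, the sync rebuilds `$config['system']['earlyshellcmd']` purely from the package entries, and the pfBlockerNG / System Patches guard runs only when `$_GET['act'] == "del"`. As far as this hunk shows, editing one of those "DO NOT EDIT/DELETE!" rows is not caught and would drop the protected command from the system config.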
diff --git a/config/shellcmd/shellcmd.php b/config/shellcmd/shellcmd.php
deleted file mode 100644
index fd386910..00000000
--- a/config/shellcmd/shellcmd.php
+++ /dev/null
@@ -1,179 +0,0 @@
-<?php
-/* $Id$ */
-/*
- shellcmd.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require("/usr/local/pkg/shellcmd.inc");
-
-$a_earlyshellcmd = &$config['system']['earlyshellcmd'];
-$a_shellcmd = &$config['system']['shellcmd'];
-//$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
-
-include("head.inc");
-
-?>
-
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">Shellcmd: Settings</p>
-
-<div id="mainlevel">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td class="tabnavtbl">
-<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/packages/shellcmd/shellcmd.php");
- display_top_tabs($tab_array);
-
-?>
-</td></tr>
-</table>
-
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" >
-
-<form action="shellcmd.php" method="post" name="iform" id="iform">
-<?php
-
-//if ($savemsg) print_info_box($savemsg);
-//if (file_exists($d_hostsdirty_path)): echo"<p>";
-//print_info_box_np("This is an info box.");
-//echo"<br />";
-//endif;
-
-?>
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td><p><!--<span class="vexpl"><span class="red"><strong>shellcmd<br></strong></span>-->
- The shellcmd utility is used to manage commands on system startup.
- <br /><br />
- <!--For more information see: <a href='http://www.' target='_blank'>http://www.</a>-->
- </p></td>
- </tr>
- </table>
- <br />
-
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td width="50%" class="listhdrr">Command</td>
- <td width="30%" class="listhdrr">Type</td>
- <td width="10%" class="list">
-
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="shellcmd_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
-
- </td>
- </tr>
-
-
-<?php
-
- $categories = array("earlyshellcmd","shellcmd");
- //$categories = array("earlyshellcmd","shellcmd","afterfilterchangeshellcmd");
-
- foreach ($categories as $category) {
- $i = 0;
- // dynamically create the category config name
- $category_config = "a_".$category;
- if (count($$category_config) > 0) {
- foreach ($$category_config as $ent) {
- // previous versions of shellcmd stored the command in an additional <command>-xmltag, this unnests this for backwards compatibility
- if (is_array($ent)) { $ent = $ent['command']; }
-
- echo " <tr>\n";
- echo " <td class=\"listr\" ondblclick=\"document.location='shellcmd_edit.php?t=".$category."&id=".$i."';\">\n";
- echo " ".$ent."\n";
- echo " </td>\n";
- echo " <td class=\"listbg\" ondblclick=\"document.location='shellcmd_edit.php?t=".$category."&id=".$i."';\">\n";
- echo " ".$category."\n";
- echo " </td>\n";
- echo " <td valign=\"middle\" nowrap class=\"list\">\n";
- echo " <table border=\"0\" cellspacing=\"0\" cellpadding=\"1\">\n";
- echo " <tr>\n";
- echo " <td valign=\"middle\"><a href=\"shellcmd_edit.php?t=".$category."&id=".$i."\"><img src=\"/themes/".$g['theme']."/images/icons/icon_e.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
- echo " <td><a href=\"shellcmd_edit.php?t=".$category."&type=cmd&act=del&id=".$i."\" onclick=\"return confirm('Do you really want to delete this?')\"><img src=\"/themes/".$g['theme']."/images/icons/icon_x.gif\" width=\"17\" height=\"17\" border=\"0\"></a></td>\n";
- echo " </tr>\n";
- echo " </table>\n";
- echo " </td>\n";
- echo " </tr>";
- $i++;
- }
- }
- }
-
-
-?>
-
- <tr>
- <td class="list" colspan="2"></td>
- <td class="list">
- <table border="0" cellspacing="0" cellpadding="1">
- <tr>
- <td width="17"></td>
- <td valign="middle"><a href="shellcmd_edit.php"><img src="/themes/<?= $g['theme']; ?>/images/icons/icon_plus.gif" width="17" height="17" border="0"></a></td>
- </tr>
- </table>
- </td>
- </tr>
-
-
- <tr>
- <td class="list" colspan="3"></td>
- <td class="list"></td>
- </tr>
- </table>
-
-</form>
-
-
-<br>
-<br>
-<br>
-<br>
-<br>
-<br>
-<br>
-<br>
-
-</td>
-</tr>
-</table>
-
-</div>
-
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/shellcmd/shellcmd.xml b/config/shellcmd/shellcmd.xml
index 094c3d30..f6b34ee4 100644
--- a/config/shellcmd/shellcmd.xml
+++ b/config/shellcmd/shellcmd.xml
@@ -1,115 +1,157 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- shellcmd.xml
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
- */
-/* ========================================================================== */
+ shellcmd.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Mark J Crane
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Shellcmd</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>Shellcmd Settings</name>
- <version>0.4</version>
- <title>Settings</title>
+ <version>1.0</version>
+ <title>Shellcmd Settings</title>
<include_file>/usr/local/pkg/shellcmd.inc</include_file>
+ <aftersaveredirect>/pkg.php?xml=shellcmd.xml</aftersaveredirect>
+ <addedit_string>[shellcmd] Successfully created/modified custom (early)shellcmd.</addedit_string>
+ <delete_string>[shellcmd] Successfully deleted custom (early)shellcmd.</delete_string>
<menu>
<name>Shellcmd</name>
- <tooltiptext>shellcmd settings.</tooltiptext>
<section>Services</section>
<configfile>shellcmd.xml</configfile>
- <url>/packages/shellcmd/shellcmd.php</url>
+ <url>/pkg.php?xml=shellcmd.xml</url>
</menu>
<tabs>
<tab>
<text>Settings</text>
- <url>/pkg_edit.php?xml=shellcmd.xml&amp;id=0</url>
+ <url>/pkg.php?xml=shellcmd.xml</url>
<active/>
</tab>
- <tab>
- <text>Settings</text>
- <url>/packages/shellcmd/shellcmd.php</url>
- <active/>
- </tab>
</tabs>
- <configpath>installedpackages->package->$packagename->configuration->shellcmd</configpath>
+ <configpath>['installedpackages']['shellcmdsettings']['config']</configpath>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.inc</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/packages/shellcmd/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/packages/shellcmd/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/shellcmd/shellcmd_edit.php</item>
- </additional_files_needed>
+ <adddeleteeditpagefields>
+ <columnitem>
+ <fielddescr>Command</fielddescr>
+ <fieldname>cmd</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Shellcmd Type</fielddescr>
+ <fieldname>cmdtype</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ </columnitem>
+ <addtext>Add a new (early)shellcmd entry</addtext>
+ <edittext>Edit this (early)shellcmd entry</edittext>
+ <deletetext>Delete this (early)shellcmd entry</deletetext>
+ </adddeleteeditpagefields>
<fields>
<field>
- <fielddescr>Variable One</fielddescr>
- <fieldname>var1</fieldname>
- <description>Enter the variable one here.</description>
+ <type>listtopic</type>
+ <fieldname>none</fieldname>
+ <name>Shellcmd Configuration</name>
+ </field>
+ <field>
+ <fielddescr>Command</fielddescr>
+ <fieldname>cmd</fieldname>
<type>input</type>
+ <size>60</size>
+ <description>Enter the command to run.</description>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Shellcmd Type</fielddescr>
+ <fieldname>cmdtype</fieldname>
+ <type>select</type>
+ <options>
+ <option>
+ <name>shellcmd</name>
+ <value>shellcmd</value>
+ </option>
+ <option>
+ <name>earlyshellcmd</name>
+ <value>earlyshellcmd</value>
+ </option>
+ <option>
+ <name>afterfilterchangeshellcmd</name>
+ <value>afterfilterchangeshellcmd</value>
+ </option>
+ <option>
+ <name>disabled</name>
+ <value>disabled</value>
+ </option>
+ </options>
+ <description>
+ <![CDATA[
+ Choose the shellcmd type.<br /><br />
+ <strong>shellcmd</strong> will run the command specified towards the end of the boot process.<br />
+ <strong>earlyshellcmd</strong> will run the command specified at the beginning of the boot process.<br />
+ <strong>afterfilterchangeshellcmd</strong> will run after each filter_configure() call.
+ See <a href="https://github.com/pfsense/pfsense/blob/master/etc/inc/filter.inc">filter.inc source code</a> for "documentation".
+ <span class="errmsg">N.B.: Only one entry of this type can be configured!</span><br />
+ <strong>disabled</strong> will save the command in package configuration but it will NOT run on boot.<br /><br />
+ See <a href="https://doc.pfsense.org/index.php/Executing_commands_at_boot_time">Executing commands at boot time</a> for detailed explanation.
+ ]]>
+ </description>
+ <required/>
</field>
<field>
- <fielddescr>Variable Two</fielddescr>
- <fieldname>var1</fieldname>
- <description>Enter the variable one here.</description>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter a description for this command.</description>
<type>input</type>
+ <typehint>(This is for your reference only.)</typehint>
+ <size>60</size>
</field>
- </fields>
- <custom_add_php_command>
- </custom_add_php_command>
+ </fields>
+ <custom_php_install_command>
+ shellcmd_import_config();
+ </custom_php_install_command>
<custom_php_resync_config_command>
shellcmd_sync_package();
</custom_php_resync_config_command>
- <custom_delete_php_command>
- shellcmd_sync_package();
+ <custom_delete_php_command>
+ shellcmd_delete_php_command();
</custom_delete_php_command>
- <custom_php_install_command>
- shellcmd_install_command();
- </custom_php_install_command>
- <custom_php_deinstall_command>
- shellcmd_deinstall_command();
- </custom_php_deinstall_command>
+ <custom_php_validation_command>
+ shellcmd_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
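Review bot: The `custom_php_validation_command` hook wired in at the end of this file is the only server-side check on values that become boot-time commands, and the part of `shellcmd_validate_input()` visible in shellcmd.inc only rejects duplicates. Nothing visible there confirms that `cmdtype` is one of the four `<option>` values declared in this select, so a hand-crafted POST could store a type the sync code does not expect. The start of that function is outside this view, so the check may already exist. If it does not, a guard such as `if (!in_array($post['cmdtype'], array('shellcmd', 'earlyshellcmd', 'afterfilterchangeshellcmd', 'disabled'))) { $input_errors[] = "Invalid shellcmd type."; }` would close the gap.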
diff --git a/config/shellcmd/shellcmd_edit.php b/config/shellcmd/shellcmd_edit.php
deleted file mode 100644
index 5ae466d5..00000000
--- a/config/shellcmd/shellcmd_edit.php
+++ /dev/null
@@ -1,303 +0,0 @@
-<?php
-/* $Id$ */
-/*
-
- shellcmd_edit.php
- Copyright (C) 2008 Mark J Crane
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-require("/usr/local/pkg/shellcmd.inc");
-
-
-$id = $_GET['id'];
-if (strlen($_POST['id'])>0) {
- $id = $_POST['id'];
-}
-
-$type = $_GET['t'];
-if (strlen($_POST['t'])>0) {
- $type = $_POST['t'];
-}
-
-if ($_GET['act'] == "del") {
- if ($_GET['type'] == 'cmd') {
-
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- unset($a_earlyshellcmd[$_GET['id']]);
- write_config();
- shellcmd_sync_package();
- header("Location: shellcmd.php");
- exit;
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- unset($a_shellcmd[$_GET['id']]);
- write_config();
- shellcmd_sync_package();
- header("Location: shellcmd.php");
- exit;
- break;
- case "afterfilterchangeshellcmd":
- // $a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- // unset($a_afterfilterchangeshellcmd[$_GET['id']]);
- // write_config();
- // shellcmd_sync_package();
- // header("Location: shellcmd.php");
- // exit;
- break;
- default:
- break;
- }
-
- }
-}
-
-//get value for the form edit value
-if (strlen($id) > 0) {
-
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- if ($a_earlyshellcmd[$id]) {
- $pconfig['command'] = $a_earlyshellcmd[$id];
- }
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- if ($a_shellcmd[$id]) {
- $pconfig['command'] = $a_shellcmd[$id];
- }
- break;
- case "afterfilterchangeshellcmd":
- //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- //if ($a_afterfilterchangeshellcmd[$id]) {
- // $pconfig['command'] = $a_afterfilterchangeshellcmd[$id];
- //}
- break;
- default:
- break;
- }
-
- // previous version of shellcmd wrapped all commands in a <command>-xmltag, unnesting this for backwards compatibility
- if (is_array($pconfig['command'])) $pconfig['command'] = $pconfig['command']['command'];
-
-}
-
-if ($_POST) {
-
- unset($input_errors);
-
- if (!$input_errors) {
- if (strlen($_POST['command']) > 0) {
-
- $ent = $_POST['command'];
-
- if (strlen($id)>0) {
- //update
-
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- if ($a_earlyshellcmd[$id]) {
- $a_earlyshellcmd[$id] = $ent;
- }
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- if ($a_shellcmd[$id]) {
- $a_shellcmd[$id] = $ent;
- }
- break;
- case "afterfilterchangeshellcmd":
- //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- //if ($a_afterfilterchangeshellcmd[$id]) {
- // $a_afterfilterchangeshellcmd[$id] = $ent;
- //}
- break;
- default:
- break;
- }
-
- }
- else {
- //add
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- $a_earlyshellcmd = &$config['system']['earlyshellcmd'];
- $a_earlyshellcmd[] = $ent;
- break;
- case "shellcmd":
- $a_shellcmd = &$config['system']['shellcmd'];
- $a_shellcmd[] = $ent;
- break;
- case "afterfilterchangeshellcmd":
- //$a_afterfilterchangeshellcmd = &$config['system']['afterfilterchangeshellcmd'];
- //$a_afterfilterchangeshellcmd[] = $ent;
- break;
- default:
- break;
- }
-
- }
-
- write_config();
- shellcmd_sync_package();
- }
-
- header("Location: shellcmd.php");
- exit;
- }
-}
-
-include("head.inc");
-
-?>
-
-<script type="text/javascript" language="JavaScript">
-
-function show_advanced_config() {
- document.getElementById("showadvancedbox").innerHTML='';
- aodiv = document.getElementById('showadvanced');
- aodiv.style.display = "block";
-</script>
-
-<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
-<?php include("fbegin.inc"); ?>
-<p class="pgtitle">Shellcmd: Edit</p>
-<?php if ($input_errors) print_input_errors($input_errors); ?>
-
-<div id="mainlevel">
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
-<tr><td class="tabnavtbl">
-<?php
-
- $tab_array = array();
- $tab_array[] = array(gettext("Settings"), false, "/packages/shellcmd/shellcmd.php");
- display_top_tabs($tab_array);
-
-?>
-</td></tr>
-</table>
-<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td class="tabcont" >
-
- <!--
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td><p><span class="vexpl"><span class="red"><strong>shellcmd<br>
- </strong></span>
- </p></td>
- </tr>
- </table>
- -->
- <br />
-
-
- <form action="shellcmd_edit.php" method="post" name="iform" id="iform">
- <table width="100%" border="0" cellpadding="6" cellspacing="0">
- <tr>
- <td width="25%" valign="top" class="vncellreq">Command</td>
- <td width="75%" class="vtable">
- <input name="command" type="text" class="formfld" id="command" size="40" value="<?=htmlspecialchars($pconfig['command']);?>">
- </td>
- </tr>
-
- <tr>
- <td width="25%" valign="top" class="vncellreq">Type</td>
- <td width="75%" class="vtable">
- <?php
- echo " <select name='t' class='formfld'>\n";
- echo " <option></option>\n";
- switch (htmlspecialchars($type)) {
- case "earlyshellcmd":
- echo " <option value='earlyshellcmd' selected='yes'>earlyshellcmd</option>\n";
- echo " <option value='shellcmd'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
- break;
- case "shellcmd":
- echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
- echo " <option value='shellcmd' selected='yes'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
- break;
- case "afterfilterchangeshellcmd":
- //echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
- //echo " <option value='shellcmd'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd' selected='yes'>afterfilterchangeshellcmd</option>\n";
- break;
- default:
- echo " <option value=''></option>\n";
- echo " <option value='earlyshellcmd'>earlyshellcmd</option>\n";
- echo " <option value='shellcmd'>shellcmd</option>\n";
- //echo " <option value='afterfilterchangeshellcmd'>afterfilterchangeshellcmd</option>\n";
- break;
- }
- echo " </select>\n";
- ?>
- </td>
- </tr>
-
-
- <!--
- <tr>
- <td width="25%" valign="top" class="vncellreq">Description</td>
- <td width="75%" class="vtable">
- <input name="description" type="text" class="formfld" id="description" size="40" value="<?=htmlspecialchars($pconfig['description']);?>">
- <br><span class="vexpl">Enter the description here.<br></span>
- </td>
- </tr>
- -->
-
- <tr>
- <td valign="top">&nbsp;</td>
- <td>
- <?php if (strlen($id)>0) { ?>
- <input name="id" type="hidden" value="<?=$id;?>">
- <?php }; ?>
- <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" onclick="history.back()">
- </td>
- </tr>
- </table>
- </form>
-
- <br>
- <br>
- <br>
- <br>
- <br>
- <br>
-
- </td>
- </tr>
-</table>
-
-</div>
-
-<?php include("fend.inc"); ?>
-</body>
-</html>
diff --git a/config/siproxd/siproxd.inc b/config/siproxd/siproxd.inc
index 53dc7a2d..50b6e558 100644
--- a/config/siproxd/siproxd.inc
+++ b/config/siproxd/siproxd.inc
@@ -1,8 +1,10 @@
<?php
/*
siproxd.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006 Scott Ullrich
Copyright (C) 2010 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,54 +28,51 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
-if(!function_exists("filter_configure"))
+if (!function_exists("filter_configure")) {
require_once("filter.inc");
+}
require_once("service-utils.inc");
-// Check to find out on which system the package is running
-$pfs_version = substr(trim(file_get_contents("/etc/version")),0,3);
+// Check to find out on which pfSense version the package is running
+global $pfs_version;
+$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('SIPROXD', '/usr/pbi/siproxd-' . php_uname("m"));
} else {
define('SIPROXD', '/usr/local');
}
-// End of system check
-function sync_package_sipproxd_users() {
+function sync_package_siproxd_users() {
+ global $g, $config;
conf_mount_rw();
- // put the constant to a variable
- $varSIPROXD = SIPROXD;
-
- global $config;
- $fout = fopen("$varSIPROXD/etc/siproxd_passwd.cfg","w");
+ $siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg';
+ $fout = fopen($siproxd_pwfile, "w");
fwrite($fout, "# This file was automatically generated by the pfSense\n# package management system.\n\n");
- if($config['installedpackages']['siproxdusers']['config'] != "") {
- foreach($config['installedpackages']['siproxdusers']['config'] as $rowhelper) {
+ if ($config['installedpackages']['siproxdusers']['config'] != "") {
+ foreach ($config['installedpackages']['siproxdusers']['config'] as $rowhelper) {
fwrite($fout, $rowhelper['username'] . " " . $rowhelper['password'] . "\n");
}
}
fclose($fout);
+
conf_mount_ro();
- system("/usr/bin/killall -HUP siproxd");
+ /* Reload settings to sync users */
+ sigkillbypid("{$g['varrun_path']}/siproxd.pid", "HUP");
}
function siproxd_generate_rules($type) {
global $config;
- // put the constant to a variable
- $varSIPROXD = SIPROXD;
-
$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
if (!is_service_running('siproxd')) {
- log_error("Sipproxd is installed but not started. Not installing redirect rules.");
+ log_error("Siproxd is installed but not started. Not installing redirect rules.");
return;
}
/* proxy is turned off in package settings */
- if($siproxd_conf['sipenable'] == "0") {
- log_error("WARNING: siproxd proxy has not been enabled. Not installing rules.");
+ if ($siproxd_conf['sipenable'] == "0") {
+ log_error("WARNING: siproxd proxy has not been enabled. Not installing rules.");
return "\n";
}
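Review bot: `sync_package_siproxd_users()` writes every account's username and password to `siproxd_passwd.cfg` without checking that `fopen()` succeeded and without restricting the file's mode, so the credentials file ends up with whatever the default umask yields. I would bail out on failure with `if (!$fout) { log_error("siproxd: cannot write {$siproxd_pwfile}"); conf_mount_ro(); return; }` and tighten the mode after `fclose($fout)` with `@chmod($siproxd_pwfile, 0600);`. If the daemon reads the file after dropping privileges, which this hunk does not show, 0640 with a matching `chgrp` would be the alternative.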
@@ -84,25 +83,26 @@ function siproxd_generate_rules($type) {
$port = ($siproxd_conf['port'] ? $siproxd_conf['port'] : 5060);
switch($type) {
- case 'nat':
- $rules .= "\n# Setup Sipproxd proxy redirect\n";
- foreach ($ifaces as $iface) {
- if($iface <> "")
- $rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n";
- }
- break;
- case 'filter':
- case 'rule':
- foreach ($ifaces as $iface) {
- if($iface <> "") {
- $rules .= "# allow SIP signaling and RTP traffic\n";
- $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n";
- if($siproxd_conf['rtpenable'] == "1") {
- $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n";
+ case 'nat':
+ $rules .= "\n# Setup Siproxd proxy redirect\n";
+ foreach ($ifaces as $iface) {
+ if ($iface <> "") {
+ $rules .= "rdr on {$iface} proto udp from any to !($iface) port {$port} -> 127.0.0.1 port {$port}\n";
}
}
- }
- break;
+ break;
+ case 'filter':
+ case 'rule':
+ foreach ($ifaces as $iface) {
+ if ($iface <> "") {
+ $rules .= "# allow SIP signaling and RTP traffic\n";
+ $rules .= "pass in on {$iface} proto udp from any to any port = {$port}\n";
+ if ($siproxd_conf['rtpenable'] == "1") {
+ $rules .= "pass in on {$iface} proto udp from any to any port {$rtplower}:{$rtpupper}\n";
+ }
+ }
+ }
+ break;
}
return $rules;
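Review bot: `$port`, `$rtplower` and `$rtpupper` are interpolated directly into pf rule text in both the `nat` and the `filter`/`rule` branches, and the only handling visible here is the `5060` fallback for an empty port. If the package's input validation (not shown in this hunk) does not already guarantee numeric ports, a value containing whitespace or a newline would alter the generated ruleset. Checking at the point of use, for example `if (!is_port($port)) { $port = 5060; }`, keeps the rule generator safe however the config was written. `siproxd_generate_rules()` starts before this hunk, so where the RTP bounds come from is outside this view.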
@@ -111,42 +111,50 @@ function siproxd_generate_rules($type) {
function sync_package_siproxd() {
global $config, $pfs_version;
- // put the constant to a variable
- $varSIPROXD = SIPROXD;
-
conf_mount_rw();
$siproxd_chroot = "/var/siproxd/";
- @mkdir($siproxd_chroot);
+ safe_mkdir($siproxd_chroot);
@chown($siproxd_chroot, "nobody");
@chgrp($siproxd_chroot, "nobody");
+ unlink_if_exists(SIPROXD . '/etc/rc.d/siproxd');
- unlink_if_exists("$varSIPROXD/etc/rc.d/siproxd");
$siproxd_conf = &$config['installedpackages']['siproxdsettings']['config'][0];
- $fout = fopen("$varSIPROXD/etc/siproxd.conf","w");
+ $siproxd_conffile = SIPROXD . '/etc/siproxd.conf';
+ $siproxd_pwfile = SIPROXD . '/etc/siproxd_passwd.cfg';
+
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == '2.2') {
+ $siproxd_bin = SIPROXD . '/bin/siproxd';
+ } else {
+ $siproxd_bin = SIPROXD . '/sbin/siproxd';
+ }
+ $plugindir = SIPROXD . '/lib/siproxd';
+
+ $fout = fopen($siproxd_conffile, "w");
fwrite($fout, "# This file was automatically generated by the pfSense\n");
fwrite($fout, "# package management system.\n\n");
/* proxy is turned off in package settings */
- if($siproxd_conf['sipenable'] == "0") {
+ if ($siproxd_conf['sipenable'] == "0") {
fclose($fout);
return;
}
- if($siproxd_conf['if_inbound'] != "") {
+ if ($siproxd_conf['if_inbound'] != "") {
fwrite($fout, "if_inbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_inbound']) . "\n");
}
- if($siproxd_conf['if_outbound'] != "") {
- if(intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") {
+ if ($siproxd_conf['if_outbound'] != "") {
+ if (intval($config['version']) < 6 && $config['interfaces'][$siproxd_conf['if_outbound']]['ipaddr'] == "pppoe") {
fwrite($fout, "if_outbound = ng0\n");
} else {
fwrite($fout, "if_outbound = " . convert_friendly_interface_to_real_interface_name($siproxd_conf['if_outbound']) . "\n");
}
}
- if($siproxd_conf['port'] != "") {
+ if ($siproxd_conf['port'] != "") {
fwrite($fout, "sip_listen_port = " . $siproxd_conf['port'] . "\n");
} else {
fwrite($fout, "sip_listen_port = 5060\n");
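Review bot: The early return for a disabled proxy (`if ($siproxd_conf['sipenable'] == "0")`) closes `$fout` and returns without the `conf_mount_ro()` that pairs with the `conf_mount_rw()` at the top of `sync_package_siproxd()`. On platforms where these calls actually remount the filesystem, that path leaves it writable. Adding `conf_mount_ro();` between `fclose($fout);` and `return;` fixes it. The new `fopen($siproxd_conffile, "w")` result is also used without a check that it is not `false`. The function body continues past this hunk.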
@@ -161,13 +169,13 @@ function sync_package_siproxd() {
fwrite($fout, "autosave_registrations = 10\n");
fwrite($fout, "pid_file = siproxd.pid\n");
- if($siproxd_conf['rtpenable'] != "") {
+ if ($siproxd_conf['rtpenable'] != "") {
fwrite($fout, "rtp_proxy_enable = " . $siproxd_conf['rtpenable'] . "\n");
} else {
fwrite($fout, "rtp_proxy_enable = 1\n");
}
- if(($siproxd_conf['rtplower'] != "") && ($siproxd_conf['rtpupper'] != "")) {
+ if (($siproxd_conf['rtplower'] != "") && ($siproxd_conf['rtpupper'] != "")) {
fwrite($fout, "rtp_port_low = " . $siproxd_conf['rtplower'] . "\n");
fwrite($fout, "rtp_port_high = " . $siproxd_conf['rtpupper'] . "\n");
} else {
@@ -175,102 +183,113 @@ function sync_package_siproxd() {
fwrite($fout, "rtp_port_high = 7079\n");
}
- if($siproxd_conf['rtptimeout'] != "") {
+ if ($siproxd_conf['rtptimeout'] != "") {
fwrite($fout, "rtp_timeout = " . $siproxd_conf['rtptimeout'] . "\n");
} else {
fwrite($fout, "rtp_timeout = 300\n");
}
- if($siproxd_conf['defaulttimeout'] != "") {
+ if ($siproxd_conf['defaulttimeout'] != "") {
fwrite($fout, "default_expires = " . $siproxd_conf['defaulttimeout'] . "\n");
} else {
fwrite($fout, "default_expires = 600\n");
}
- if($siproxd_conf['authentication']) {
+ if ($siproxd_conf['authentication']) {
fwrite($fout, "proxy_auth_realm = Authentication_Realm\n");
- fwrite($fout, "proxy_auth_pwfile = $varSIPROXD/etc/siproxd_passwd.cfg\n");
+ fwrite($fout, "proxy_auth_pwfile = {$siproxd_pwfile}\n");
}
- if($siproxd_conf['debug_level'] != "") {
+ if ($siproxd_conf['debug_level'] != "") {
fwrite($fout, "debug_level = " . $siproxd_conf['debug_level'] . "\n");
} else {
fwrite($fout, "debug_level = 0x00000000\n");
}
- if($siproxd_conf['debug_port'] != "") {
+ if ($siproxd_conf['debug_port'] != "") {
fwrite($fout, "debug_port = " . $siproxd_conf['debug_port'] . "\n");
}
- if($siproxd_conf['outboundproxyhost'] != "") {
- if($siproxd_conf['outboundproxyport'] != "") {
+ if ($siproxd_conf['outboundproxyhost'] != "") {
+ if ($siproxd_conf['outboundproxyport'] != "") {
fwrite($fout, "outbound_proxy_host = " . $siproxd_conf['outboundproxyhost'] . "\n");
fwrite($fout, "outbound_proxy_port = " . $siproxd_conf['outboundproxyport'] . "\n");
}
}
- if($siproxd_conf['expeditedforwarding'] != "")
+ if ($siproxd_conf['expeditedforwarding'] != "") {
fwrite($fout, "rtp_dscp = 46\n");
- if($siproxd_conf['expeditedsipforwarding'] != "")
+ }
+ if ($siproxd_conf['expeditedsipforwarding'] != "") {
fwrite($fout, "sip_dscp = 26\n");
-
- if ($siproxd_conf['rtp_input_dejitter'] != "")
+ }
+ if ($siproxd_conf['rtp_input_dejitter'] != "") {
fwrite($fout, "rtp_input_dejitter = " . $siproxd_conf['rtp_input_dejitter'] . "\n");
- if ($siproxd_conf['rtp_output_dejitter'] != "")
+ }
+ if ($siproxd_conf['rtp_output_dejitter'] != "") {
fwrite($fout, "rtp_output_dejitter = " . $siproxd_conf['rtp_output_dejitter'] . "\n");
- if ($siproxd_conf['tcp_timeout'] != "")
+ }
+ if ($siproxd_conf['tcp_timeout'] != "") {
fwrite($fout, "tcp_timeout = " . $siproxd_conf['tcp_timeout'] . "\n");
- if ($siproxd_conf['tcp_connect_timeout'] != "")
+ }
+ if ($siproxd_conf['tcp_connect_timeout'] != "") {
fwrite($fout, "tcp_connect_timeout = " . $siproxd_conf['tcp_connect_timeout'] . "\n");
- if ($siproxd_conf['tcp_keepalive'] != "")
+ }
+ if ($siproxd_conf['tcp_keepalive'] != "") {
fwrite($fout, "tcp_keepalive = " . $siproxd_conf['tcp_keepalive'] . "\n");
+ }
- fwrite($fout, "plugindir=$varSIPROXD/lib/siproxd/\n");
+ fwrite($fout, "plugindir={$plugindir}\n");
fwrite($fout, "load_plugin=plugin_logcall.la\n");
- if ($siproxd_conf['plugin_defaulttarget'] != "")
+ if ($siproxd_conf['plugin_defaulttarget'] != "") {
fwrite($fout, "load_plugin=plugin_defaulttarget.la\n");
- if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_log'] != ""))
+ }
+ if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_log'] != "")) {
fwrite($fout, "plugin_defaulttarget_log = 1\n");
- if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_target'] != ""))
+ }
+ if (($siproxd_conf['plugin_defaulttarget'] != "") && ($siproxd_conf['plugin_defaulttarget_target'] != "")) {
fwrite($fout, "plugin_defaulttarget_target = " . $siproxd_conf['plugin_defaulttarget_target'] . "\n");
+ }
- if ($siproxd_conf['plugin_fix_bogus_via'] != "")
+ if ($siproxd_conf['plugin_fix_bogus_via'] != "") {
fwrite($fout, "load_plugin=plugin_fix_bogus_via.la\n");
- if (($siproxd_conf['plugin_fix_bogus_via'] != "") && ($siproxd_conf['plugin_fix_bogus_via_networks'] != ""))
+ }
+ if (($siproxd_conf['plugin_fix_bogus_via'] != "") && ($siproxd_conf['plugin_fix_bogus_via_networks'] != "")) {
fwrite($fout, "plugin_fix_bogus_via_networks = " . $siproxd_conf['plugin_fix_bogus_via_networks'] . "\n");
+ }
- if ($siproxd_conf['plugin_stun'] != "")
+ if ($siproxd_conf['plugin_stun'] != "") {
fwrite($fout, "load_plugin=plugin_stun.la\n");
- if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_server'] != ""))
+ }
+ if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_server'] != "")) {
fwrite($fout, "plugin_stun_server = " . $siproxd_conf['plugin_stun_server'] . "\n");
- if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_port'] != ""))
+ }
+ if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_port'] != "")) {
fwrite($fout, "plugin_stun_port = " . $siproxd_conf['plugin_stun_port'] . "\n");
- if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_period'] != ""))
+ }
+ if (($siproxd_conf['plugin_stun'] != "") && ($siproxd_conf['plugin_stun_period'] != "")) {
fwrite($fout, "plugin_stun_period = " . $siproxd_conf['plugin_stun_period'] . "\n");
+ }
fclose($fout);
- if ($pfs_version == '2.2')
- $bin_dir='bin';
- else
- $bin_dir='sbin';
-
write_rcfile(array(
"file" => "siproxd.sh",
- "start" => "$varSIPROXD/{$bin_dir}/siproxd -c $varSIPROXD/etc/siproxd.conf &",
+ "start" => "{$siproxd_bin} -c {$siproxd_conffile} &",
"stop" => "/usr/bin/killall -9 siproxd"
)
);
- exec("killall -9 siproxd");
-
- sleep(3);
-
- start_service("siproxd");
-
- sleep(3);
-
+ if (is_service_running('siproxd')) {
+ stop_service("siproxd");
+ sleep(3);
+ }
+ /* Only (re)start the service when siproxd is enabled */
+ if ($siproxd_conf['sipenable'] != "0") {
+ start_service("siproxd");
+ sleep(3);
+ }
filter_configure();
conf_mount_ro();
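Review bot: The added guard `if ($siproxd_conf['sipenable'] != "0")` near the end of this hunk can never be false, because the `sipenable == "0"` branch in the preceding hunk already closes the file and returns. When the proxy is disabled, this function therefore neither stops a running siproxd nor rewrites the rc file, so the daemon keeps running on its old in-memory configuration. Stopping the service inside the early branch would fix this, e.g. `if (is_service_running('siproxd')) { stop_service("siproxd"); }` before the `return;`. That early return also skips `conf_mount_ro()`, which matters if a matching read-write mount happens earlier in the function (not visible here). The body of `sync_package_siproxd` starts outside this hunk.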
@@ -278,38 +297,54 @@ function sync_package_siproxd() {
}
function validate_form_siproxd($post, &$input_errors) {
- if ($post['port'] && !is_port($post['port']))
+ if ($post['port'] && !is_port($post['port'])) {
$input_errors[] = 'Invalid port entered for "Listening Port"';
- if ($post['rtplower'] && !is_port($post['rtplower']))
+ }
+ if ($post['rtplower'] && !is_port($post['rtplower'])) {
$input_errors[] = 'Invalid port entered for "RTP port range (lower)".';
- if ($post['rtpupper'] && !is_port($post['rtpupper']))
+ }
+ if ($post['rtpupper'] && !is_port($post['rtpupper'])) {
$input_errors[] = 'Invalid port entered for "RTP port range (upper)".';
- if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper']))
+ }
+ if ($post['rtplower'] && $post['rtpupper'] && ($post['rtplower'] >= $post['rtpupper'])) {
$input_errors[] = 'RTP lower port cannot be equal to or higher than the RTP upper port.';
- if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0)))
+ }
+ if ($post['rtptimeout'] && (!is_numeric($post['rtptimeout']) || ($post['rtptimeout'] < 0))) {
$input_errors[] = '"RTP stream timeout" must be numeric and greater than 0.';
- if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0)))
+ }
+ if ($post['defaulttimeout'] && (!is_numeric($post['defaulttimeout']) || ($post['defaulttimeout'] < 0))) {
$input_errors[] = '"Default expiration timeout" must be numeric and greater than 0.';
- if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost'])))
+ }
+ if ($post['outboundproxyhost'] && (!is_hostname($post['outboundproxyhost']) && !is_ipaddr($post['outboundproxyhost']))) {
$input_errors[] = 'Invalid hostname or IP address entered for "Outbound Proxy Host".';
- if ($post['outboundproxyport'] && !is_port($post['outboundproxyport']))
+ }
+ if ($post['outboundproxyport'] && !is_port($post['outboundproxyport'])) {
$input_errors[] = 'Invalid port entered for "Outbound Proxy Port".';
- if ($post['rtp_input_dejitter'] && (!is_numeric($post['rtp_input_dejitter']) || ($post['rtp_input_dejitter'] < 0)))
+ }
+ if ($post['rtp_input_dejitter'] && (!is_numeric($post['rtp_input_dejitter']) || ($post['rtp_input_dejitter'] < 0))) {
$input_errors[] = '"Input Dejitter" must be numeric and greater than 0.';
- if ($post['rtp_output_dejitter'] && (!is_numeric($post['rtp_output_dejitter']) || ($post['rtp_output_dejitter'] < 0)))
+ }
+ if ($post['rtp_output_dejitter'] && (!is_numeric($post['rtp_output_dejitter']) || ($post['rtp_output_dejitter'] < 0))) {
$input_errors[] = '"Output Dejitter" must be numeric and greater than 0.';
- if ($post['tcp_timeout'] && (!is_numeric($post['tcp_timeout']) || ($post['tcp_timeout'] < 0)))
+ }
+ if ($post['tcp_timeout'] && (!is_numeric($post['tcp_timeout']) || ($post['tcp_timeout'] < 0))) {
$input_errors[] = '"TCP inactivity timeout" must be numeric and greater than 0.';
- if ($post['tcp_connect_timeout'] && (!is_numeric($post['tcp_connect_timeout']) || ($post['tcp_connect_timeout'] < 0)))
+ }
+ if ($post['tcp_connect_timeout'] && (!is_numeric($post['tcp_connect_timeout']) || ($post['tcp_connect_timeout'] < 0))) {
$input_errors[] = '"TCP Connect Timeout" must be numeric and greater than 0.';
- if ($post['tcp_keepalive'] && (!is_numeric($post['tcp_keepalive']) || ($post['tcp_keepalive'] < 0)))
+ }
+ if ($post['tcp_keepalive'] && (!is_numeric($post['tcp_keepalive']) || ($post['tcp_keepalive'] < 0))) {
$input_errors[] = '"TCP Keepalive" must be numeric and greater than 0.';
- if ($post['plugin_stun_server'] && (!is_hostname($post['plugin_stun_server']) && !is_ipaddr($post['plugin_stun_server'])))
+ }
+ if ($post['plugin_stun_server'] && (!is_hostname($post['plugin_stun_server']) && !is_ipaddr($post['plugin_stun_server']))) {
$input_errors[] = 'Invalid hostname or IP address entered for "STUN Server".';
- if ($post['plugin_stun_port'] && !is_port($post['plugin_stun_port']))
+ }
+ if ($post['plugin_stun_port'] && !is_port($post['plugin_stun_port'])) {
$input_errors[] = 'Invalid port entered for "STUN Port".';
- if ($post['plugin_stun_period'] && (!is_numeric($post['plugin_stun_period']) || ($post['plugin_stun_period'] < 0)))
+ }
+ if ($post['plugin_stun_period'] && (!is_numeric($post['plugin_stun_period']) || ($post['plugin_stun_period'] < 0))) {
$input_errors[] = '"STUN Period" must be numeric and greater than 0.';
+ }
}
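Review bot: `validate_form_siproxd` has no checks for `debug_level`, `debug_port`, `plugin_defaulttarget_target` or `plugin_fix_bogus_via_networks`, yet `sync_package_siproxd` in the previous hunk concatenates each of them verbatim into siproxd.conf. A value containing a line break would add extra directives to the generated file, so the form controls more of the daemon's configuration than it intends. Add checks in the same style as the existing ones, starting with `if ($post['debug_port'] && !is_port($post['debug_port']))`, and reject CR/LF in the free-text fields. The timeout checks rely on `is_numeric()`, which also accepts floats and exponent notation; `ctype_digit()` would be tighter where only whole seconds make sense.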
diff --git a/config/siproxd/siproxd.xml b/config/siproxd/siproxd.xml
index cca84138..e4375d8e 100644
--- a/config/siproxd/siproxd.xml
+++ b/config/siproxd/siproxd.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
@@ -43,7 +43,7 @@
]]>
</copyright>
<name>siproxdsettings</name>
- <version>1.0.5</version>
+ <version>1.0.6</version>
<title>siproxd: Settings</title>
<include_file>/usr/local/pkg/siproxd.inc</include_file>
<aftersaveredirect>/pkg_edit.php?xml=siproxd.xml&amp;id=0</aftersaveredirect>
@@ -371,15 +371,15 @@
<type>input</type>
</field>
</fields>
- <custom_php_global_functions>
- </custom_php_global_functions>
<custom_add_php_command>
sync_package_siproxd();
</custom_add_php_command>
<custom_php_resync_config_command>
sync_package_siproxd();
</custom_php_resync_config_command>
- <filter_rules_needed>siproxd_generate_rules</filter_rules_needed>
+ <filter_rules_needed>
+ siproxd_generate_rules();
+ </filter_rules_needed>
<custom_php_validation_command>
validate_form_siproxd($_POST, $input_errors);
</custom_php_validation_command>
diff --git a/config/siproxd/siproxd_registered_phones.php b/config/siproxd/siproxd_registered_phones.php
index a8789d7f..51eb474a 100644
--- a/config/siproxd/siproxd_registered_phones.php
+++ b/config/siproxd/siproxd_registered_phones.php
@@ -1,7 +1,9 @@
<?php
/*
siproxd_registered_phones.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2010 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -36,8 +38,7 @@
##|*MATCH=siproxd_registered_phones.php*
##|-PRIV
-require("guiconfig.inc");
-$pgtitle = array(gettext("Status"), gettext("siproxd Registered Phones"));
+require_once("guiconfig.inc");
$phonetext = file_get_contents("/var/siproxd/siproxd_registrations");
$phonedata = explode("\n", $phonetext);
@@ -47,27 +48,28 @@ if (!is_array($phonedata)) {
}
$activephones = array();
-for ($i=0; $i < count($phonedata); $i++) {
+for ($i = 0; $i < count($phonedata); $i++) {
list($stars, $active, $expires) = explode(":", $phonedata[$i]);
if ($active == "1") {
$phone = array();
$phone["expires"] = $expires;
- $phone["real"]["type"] = $phonedata[++$i];
- $phone["real"]["user"] = $phonedata[++$i];
- $phone["real"]["host"] = $phonedata[++$i];
- $phone["real"]["port"] = $phonedata[++$i];
- $phone["nat"]["type"] = $phonedata[++$i];
- $phone["nat"]["user"] = $phonedata[++$i];
- $phone["nat"]["host"] = $phonedata[++$i];
- $phone["nat"]["port"] = $phonedata[++$i];
- $phone["registered"]["type"] = $phonedata[++$i];
- $phone["registered"]["user"] = $phonedata[++$i];
- $phone["registered"]["host"] = $phonedata[++$i];
- $phone["registered"]["port"] = $phonedata[++$i];
+ $phone["real"]["type"] = $phonedata[++$i];
+ $phone["real"]["user"] = $phonedata[++$i];
+ $phone["real"]["host"] = $phonedata[++$i];
+ $phone["real"]["port"] = $phonedata[++$i];
+ $phone["nat"]["type"] = $phonedata[++$i];
+ $phone["nat"]["user"] = $phonedata[++$i];
+ $phone["nat"]["host"] = $phonedata[++$i];
+ $phone["nat"]["port"] = $phonedata[++$i];
+ $phone["registered"]["type"] = $phonedata[++$i];
+ $phone["registered"]["user"] = $phonedata[++$i];
+ $phone["registered"]["host"] = $phonedata[++$i];
+ $phone["registered"]["port"] = $phonedata[++$i];
$activephones[] = $phone;
}
}
+$pgtitle = array(gettext("Status"), gettext("siproxd Registered Phones"));
require("head.inc");
?>
@@ -77,8 +79,7 @@ require("head.inc");
<br />
<table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td>
+<tr><td>
<?php
$tab_array = array();
$tab_array[] = array(gettext("Settings"), false, "pkg_edit.php?xml=siproxd.xml&amp;id=0");
@@ -86,76 +87,73 @@ require("head.inc");
$tab_array[] = array(gettext("Registered Phones"), true, "siproxd_registered_phones.php");
display_top_tabs($tab_array);
?>
- </td>
- </tr>
-
- <tr>
- <td>
- <div id="mainarea">
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
- <thead>
- <tr>
- <td colspan="16" class="listtopic"><?php echo gettext("Currently Registered Phones") . " (" . count($activephones) . ")"; ?></td>
- </tr>
- <tr>
- <th colspan="5">Real Phone</th>
- <th colspan="5">NAT Address</th>
- <th colspan="4">Registered With</th>
- <th colspan="2">&nbsp;</th>
- </tr>
- <tr>
- <th>Type</th>
- <th>User</th>
- <th>Host</th>
- <th>Port</th>
- <th>&nbsp;</th>
- <th>Type</th>
- <th>User</th>
- <th>Host</th>
- <th>Port</th>
- <th>&nbsp;</th>
- <th>Type</th>
- <th>User</th>
- <th>Host</th>
- <th>Port</th>
- <th>&nbsp;</th>
- <th>Expires</th>
- </tr>
- </thead>
- <?php if (count($phonedata) == 0): ?>
- <tr><td colspan="16" align="center">No Phone Data Found</td></tr>
- <? elseif (count($activephones) == 0): ?>
- <tr><td colspan="16" align="center">No Active Phones</td></tr>
- <? else: ?>
- <? foreach ($activephones as $phone): ?>
- <tr>
- <td align="center" class="listlr"><? echo ($phone['real']['type']) ? $phone['real']['type'] : "sip"; ?></td>
- <td align="center" class="listr"><? echo ($phone['real']['user']) ? $phone['real']['user'] : "&nbsp;"; ?></td>
- <td align="center" class="listr"><? echo ($phone['real']['host']) ? $phone['real']['host'] : "&nbsp;"; ?></td>
- <td align="center" class="listr"><? echo ($phone['real']['port']) ? $phone['real']['port'] : "5060"; ?></td>
-
- <td align="center" class="list">&nbsp;</td>
- <td align="center" class="listlr"><? echo ($phone['nat']['type']) ? $phone['nat']['type'] : "sip"; ?></td>
- <td align="center" class="listr"><? echo ($phone['nat']['user']) ? $phone['nat']['user'] : "&nbsp;"; ?></td>
- <td align="center" class="listr"><? echo ($phone['nat']['host']) ? $phone['nat']['host'] : "&nbsp;"; ?></td>
- <td align="center" class="listr"><? echo ($phone['nat']['port']) ? $phone['nat']['port'] : "5060"; ?></td>
-
- <td align="center" class="list">&nbsp;</td>
- <td align="center" class="listlr"><? echo ($phone['registered']['type']) ? $phone['registered']['type'] : "sip"; ?></td>
- <td align="center" class="listr"><? echo ($phone['registered']['user']) ? $phone['registered']['user'] : "&nbsp;"; ?></td>
- <td align="center" class="listr"><? echo ($phone['registered']['host']) ? $phone['registered']['host'] : "&nbsp;"; ?></td>
- <td align="center" class="listr"><? echo ($phone['registered']['port']) ? $phone['registered']['port'] : "5060"; ?></td>
-
- <td align="center" class="list">&nbsp;</td>
- <td align="center" class="listlr"><? echo date("m/d/Y h:i:sa", $phone['expires']); ?></td>
- </tr>
- <? endforeach; ?>
- <? endif; ?>
- </table>
- </div>
- </td>
- </tr>
-
+</td></tr>
+
+<tr><td>
+ <div id="mainarea">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
+ <thead>
+ <tr>
+ <td colspan="16" class="listtopic"><?php echo gettext("Currently Registered Phones") . " (" . count($activephones) . ")"; ?></td>
+ </tr>
+ <tr>
+ <th colspan="5">Real Phone</th>
+ <th colspan="5">NAT Address</th>
+ <th colspan="4">Registered With</th>
+ <th colspan="2">&nbsp;</th>
+ </tr>
+ <tr>
+ <th>Type</th>
+ <th>User</th>
+ <th>Host</th>
+ <th>Port</th>
+ <th>&nbsp;</th>
+ <th>Type</th>
+ <th>User</th>
+ <th>Host</th>
+ <th>Port</th>
+ <th>&nbsp;</th>
+ <th>Type</th>
+ <th>User</th>
+ <th>Host</th>
+ <th>Port</th>
+ <th>&nbsp;</th>
+ <th>Expires</th>
+ </tr>
+ </thead>
+
+ <?php if (count($phonedata) == 0): ?>
+ <tr><td colspan="16" align="center">No Phone Data Found</td></tr>
+ <? elseif (count($activephones) == 0): ?>
+ <tr><td colspan="16" align="center">No Active Phones</td></tr>
+ <? else: ?>
+ <? foreach ($activephones as $phone): ?>
+ <tr>
+ <td align="center" class="listlr"><? echo ($phone['real']['type']) ? $phone['real']['type'] : "sip"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['real']['user']) ? $phone['real']['user'] : "&nbsp;"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['real']['host']) ? $phone['real']['host'] : "&nbsp;"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['real']['port']) ? $phone['real']['port'] : "5060"; ?></td>
+
+ <td align="center" class="list">&nbsp;</td>
+ <td align="center" class="listlr"><? echo ($phone['nat']['type']) ? $phone['nat']['type'] : "sip"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['nat']['user']) ? $phone['nat']['user'] : "&nbsp;"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['nat']['host']) ? $phone['nat']['host'] : "&nbsp;"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['nat']['port']) ? $phone['nat']['port'] : "5060"; ?></td>
+
+ <td align="center" class="list">&nbsp;</td>
+ <td align="center" class="listlr"><? echo ($phone['registered']['type']) ? $phone['registered']['type'] : "sip"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['registered']['user']) ? $phone['registered']['user'] : "&nbsp;"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['registered']['host']) ? $phone['registered']['host'] : "&nbsp;"; ?></td>
+ <td align="center" class="listr"><? echo ($phone['registered']['port']) ? $phone['registered']['port'] : "5060"; ?></td>
+
+ <td align="center" class="list">&nbsp;</td>
+ <td align="center" class="listlr"><? echo date("m/d/Y h:i:sa", $phone['expires']); ?></td>
+ </tr>
+ <? endforeach; ?>
+ <? endif; ?>
+ </table>
+ </div>
+</td></tr>
</table>
<?php include("fend.inc"); ?>
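Review bot: The re-indented table cells still echo the `type`, `user`, `host` and `port` values of each `$phone` entry without HTML-encoding them. Those values are read from /var/siproxd/siproxd_registrations (earlier hunk), which presumably holds fields taken from SIP registrations, so markup in a registered user or host name would be rendered in the administrator's browser session. Encode every echoed value, e.g. `<?php echo ($phone['real']['user']) ? htmlspecialchars($phone['real']['user']) : "&nbsp;"; ?>`, and apply the same to the `nat` and `registered` columns. The rows also use the short `<?` tag, which only parses when `short_open_tag` is enabled; `<?php` avoids that dependency.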
diff --git a/config/siproxd/siproxdusers.xml b/config/siproxd/siproxdusers.xml
index 7a636a3b..6dd53efe 100644
--- a/config/siproxd/siproxdusers.xml
+++ b/config/siproxd/siproxdusers.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
<![CDATA[
@@ -43,9 +43,9 @@
]]>
</copyright>
<name>siproxdusers</name>
- <version>1.0.5</version>
+ <version>1.0.6</version>
<title>siproxd: Users</title>
- <include_file>/usr/local/pkg/siproxd.inc</include_file>
+ <include_file>/usr/local/pkg/siproxd.inc</include_file>
<tabs>
<tab>
<text>Settings</text>
@@ -93,9 +93,9 @@
</field>
</fields>
<custom_add_php_command>
- sync_package_sipproxd_users();
+ sync_package_siproxd_users();
</custom_add_php_command>
<custom_php_resync_config_command>
- sync_package_sipproxd_users();
+ sync_package_siproxd_users();
</custom_php_resync_config_command>
</packagegui>
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 027207b1..b7d4299e 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -45,11 +45,6 @@ ini_set("memory_limit", "384M");
// Explicitly declare this as global so it works through function call includes
global $g, $config, $rebuild_rules;
-// Grab the Snort binary version programmatically, but if that fails use a safe default
-$snortver = array();
-$snortbindir = SNORT_PBI_BINDIR;
-exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
-
/* Rebuild Rules Flag -- if "true", rebuild enforcing rules and flowbit-rules files */
$rebuild_rules = false;
@@ -292,7 +287,8 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
if (empty($list))
return $list;
$localnet = $list['localnets'];
- $wanip = $list['wanips'];
+// $wanip = $list['wanips'];
+ $wanip = 'yes';
$wangw = $list['wangateips'];
$wandns = $list['wandnsips'];
$vips = $list['vips'];
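Review bot: `$wanip = 'yes';` now overrides whatever the list stored under `wanips`, and the old assignment is left behind as commented-out code with no explanation. Because `snort_build_list` takes `$whitelist` and `$externallist` flags, this presumably affects every list the function builds, not only pass lists; confirm that is intended. Replace the dead line with a comment that states the rule, e.g. `// WAN IPs are always included; the per-list 'wanips' setting is no longer honoured`. The function body starts and ends outside this hunk.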
@@ -471,7 +467,7 @@ function snort_build_list($snortcfg, $listname = "", $whitelist = false, $extern
/* iterate all vips and add to whitelist */
if (is_array($config['virtualip']) && is_array($config['virtualip']['vip'])) {
foreach($config['virtualip']['vip'] as $vip) {
- if ($vip['subnet'] && $vip['mode'] != 'proxyarp') {
+ if ($vip['subnet']) {
if (!in_array("{$vip['subnet']}/{$vip['subnet_bits']}", $home_net))
$home_net[] = "{$vip['subnet']}/{$vip['subnet_bits']}";
}
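Review bot: Dropping the `$vip['mode'] != 'proxyarp'` test means proxy ARP VIPs are now added to `$home_net` with their full `subnet/subnet_bits`. If a proxy ARP entry is defined as a network rather than a single address, the whole range ends up in a list that, per the comment above the loop, is whitelisted, which widens what Snort will never block. A short comment recording why proxy ARP VIPs are now included would help the next reader, and `$vip['subnet_bits']` should be checked for a value before the CIDR string is built. The enclosing function continues outside the hunk.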
@@ -3454,7 +3450,7 @@ function snort_prepare_rule_files($snortcfg, $snortcfgdir) {
/* Build a new sid-msg.map file from the enabled */
/* rules and copy it to the interface directory. */
- log_error(gettext("[Snort] Building new sig-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
+ log_error(gettext("[Snort] Building new sid-msg.map file for " . convert_friendly_interface_to_friendly_descr($snortcfg['interface']) . "..."));
snort_build_sid_msg_map("{$snortcfgdir}/rules/", "{$snortcfgdir}/sid-msg.map");
}
@@ -3752,8 +3748,8 @@ function snort_sync_on_changes() {
$syncdownloadrules = $snort_sync['vardownloadrules'];
switch ($synconchanges){
case "manual":
- if (is_array($snort_sync[row])){
- $rs=$snort_sync[row];
+ if (is_array($snort_sync['row'])){
+ $rs=$snort_sync['row'];
}
else{
log_error("[snort] xmlrpc sync is enabled but there are no hosts configured as replication targets.");
@@ -3761,8 +3757,8 @@ function snort_sync_on_changes() {
}
break;
case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
+ if (is_array($config['hasync'])) {
+ $system_carp=$config['hasync'];
$rs[0]['varsyncipaddress']=$system_carp['synchronizetoip'];
$rs[0]['varsyncusername']=$system_carp['username'];
$rs[0]['varsyncpassword']=$system_carp['password'];
diff --git a/config/snort/snort.xml b/config/snort/snort.xml
index e3e1cdad..18e6ef20 100755
--- a/config/snort/snort.xml
+++ b/config/snort/snort.xml
@@ -45,7 +45,7 @@
</copyright>
<description>Snort IDS/IPS Package</description>
<name>Snort</name>
- <version>3.2.6</version>
+ <version>3.2.8</version>
<title>Services: Snort IDS</title>
<include_file>/usr/local/pkg/snort/snort.inc</include_file>
<menu>
diff --git a/config/snort/snort_check_for_rule_updates.php b/config/snort/snort_check_for_rule_updates.php
index 0c4543cd..123661e4 100755
--- a/config/snort/snort_check_for_rule_updates.php
+++ b/config/snort/snort_check_for_rule_updates.php
@@ -64,19 +64,14 @@ $openappid_detectors = $config['installedpackages']['snortglobal']['openappid_de
/* Working directory for downloaded rules tarballs and extraction */
$tmpfname = "{$g['tmp_path']}/snort_rules_up";
-/* Grab the Snort binary version programmatically and use it to construct */
-/* the proper Snort VRT rules tarball and md5 filenames. Fallback to a */
-/* default in the event we fail. */
-$snortver = array();
-exec("{$snortbindir}snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
-// Save the version with decimal delimiters for use in extracting the rules
-$snort_version = $snortver[0];
-if (empty($snort_version))
- $snort_version = SNORT_BIN_VERSION;
+/* Use the Snort binary version to construct the proper Snort VRT */
+/* rules tarball and md5 filenames. Save the version with decimal */
+/* delimiters for use in extracting the rules. */
+$snort_version = SNORT_BIN_VERSION;
// Create a collapsed version string for use in the tarball filename
-$snortver[0] = str_replace(".", "", $snortver[0]);
-$snort_filename = "snortrules-snapshot-{$snortver[0]}.tar.gz";
+$snortver = str_replace(".", "", SNORT_BIN_VERSION);
+$snort_filename = "snortrules-snapshot-{$snortver}.tar.gz";
$snort_filename_md5 = "{$snort_filename}.md5";
$snort_rule_url = VRT_DNLD_URL;
diff --git a/config/snort/snort_defs.inc b/config/snort/snort_defs.inc
index 3f5c82e5..ac09db44 100644
--- a/config/snort/snort_defs.inc
+++ b/config/snort/snort_defs.inc
@@ -49,13 +49,12 @@ if (!defined("SNORTLOGDIR"))
define("SNORTLOGDIR", "{$g['varlog_path']}/snort");
if (!defined("SNORT_BIN_VERSION")) {
// Grab the Snort binary version programmatically
- $snortver = array();
$snortbindir = SNORT_PBI_BINDIR;
- mwexec("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26", $snortver);
- if (!empty($snortver[0]))
- define("SNORT_BIN_VERSION", $snortver[0]);
+ $snortver = exec_command("{$snortbindir}/snort -V 2>&1 |/usr/bin/grep Version | /usr/bin/cut -c20-26");
+ if (!empty($snortver))
+ define("SNORT_BIN_VERSION", $snortver);
else
- define("SNORT_BIN_VERSION", "2.9.7.3");
+ define("SNORT_BIN_VERSION", "2.9.7.5");
}
if (!defined("SNORT_SID_MODS_PATH"))
define('SNORT_SID_MODS_PATH', "{$g['vardb_path']}/snort/sidmods/");
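Review bot: `$snortver` is taken from a fixed-column `cut -c20-26` over the `snort -V` banner and accepted whenever it is non-empty, with no check that it looks like a version. A banner with a different layout or a longer version string would yield a truncated or wrong value that becomes `SNORT_BIN_VERSION` and, in snort_check_for_rule_updates.php, part of the rules tarball filename. Validate the shape before defining the constant, e.g. `if (preg_match('/^\d+(\.\d+){2,3}$/', trim($snortver)))`, and fall back to the hard-coded default otherwise.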
diff --git a/config/snort/snort_migrate_config.php b/config/snort/snort_migrate_config.php
index ae1daf6a..edcbb2d5 100644
--- a/config/snort/snort_migrate_config.php
+++ b/config/snort/snort_migrate_config.php
@@ -541,10 +541,10 @@ unset($r);
// Log a message if we changed anything
if ($updated_cfg) {
- $config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6";
log_error("[Snort] Settings successfully migrated to new configuration format...");
}
-else
+else {
log_error("[Snort] Configuration version is current...");
+}
?>
diff --git a/config/snort/snort_passlist.php b/config/snort/snort_passlist.php
index 965f22d7..1b377a1f 100644
--- a/config/snort/snort_passlist.php
+++ b/config/snort/snort_passlist.php
@@ -197,7 +197,8 @@ if ($savemsg) {
<p><?php echo gettext("1. Here you can create Pass List files for your Snort package rules. Hosts on a Pass List are never blocked by Snort."); ?><br/>
<?php echo gettext("2. Add all the IP addresses or networks (in CIDR notation) you want to protect against Snort block decisions."); ?><br/>
<?php echo gettext("3. The default Pass List includes the WAN IP and gateway, defined DNS servers, VPNs and locally-attached networks."); ?><br/>
- <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?></p></span></td>
+ <?php echo gettext("4. Be careful, it is very easy to get locked out of your system by altering the default settings."); ?><br/>
+ <?php echo gettext("5. To use a custom Pass List on an interface, you must manually assign the list using the drop-down control on the Interface Settings tab."); ?></p></span></td>
</tr>
<tr>
<td width="100%"><span class="vexpl"><?php echo gettext("Remember you must restart Snort on the interface for changes to take effect!"); ?></span></td>
diff --git a/config/snort/snort_passlist_edit.php b/config/snort/snort_passlist_edit.php
index 75724344..25ebcc82 100644
--- a/config/snort/snort_passlist_edit.php
+++ b/config/snort/snort_passlist_edit.php
@@ -3,7 +3,7 @@
* snort_passlist_edit.php
* Copyright (C) 2004 Scott Ullrich
* Copyright (C) 2011-2012 Ermal Luci
- * Copyright (C) 2014 Bill Meeks
+ * Copyright (C) 2015 Bill Meeks
* All rights reserved.
*
* originially part of m0n0wall (http://m0n0.ch/wall)
@@ -71,7 +71,7 @@ if (isset($id) && isset($a_passlist[$id])) {
$pconfig['address'] = $a_passlist[$id]['address'];
$pconfig['descr'] = html_entity_decode($a_passlist[$id]['descr']);
$pconfig['localnets'] = $a_passlist[$id]['localnets'];
- $pconfig['wanips'] = $a_passlist[$id]['wanips'];
+// $pconfig['wanips'] = $a_passlist[$id]['wanips'];
$pconfig['wangateips'] = $a_passlist[$id]['wangateips'];
$pconfig['wandnsips'] = $a_passlist[$id]['wandnsips'];
$pconfig['vips'] = $a_passlist[$id]['vips'];
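Review bot: The `wanips` assignment is commented out rather than removed here, and the same is done in the `act == "import"` hunk and the `$_POST['save']` hunk below. Commented-out code leaves it unclear whether the setting is retired or only temporarily disabled. Delete the three lines and, if a marker is wanted, add one comment such as `// 'wanips' is no longer user-configurable; snort_build_list() always includes WAN IPs`. Pass lists saved before this change may still carry a `wanips` key in the configuration, so a migration step that drops it would keep the stored data consistent.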
@@ -87,7 +87,7 @@ if ($_GET['act'] == "import") {
$pconfig['address'] = htmlspecialchars($_GET['address']);
$pconfig['descr'] = htmlspecialchars($_GET['descr']);
$pconfig['localnets'] = htmlspecialchars($_GET['localnets'])? 'yes' : 'no';
- $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no';
+// $pconfig['wanips'] = htmlspecialchars($_GET['wanips'])? 'yes' : 'no';
$pconfig['wangateips'] = htmlspecialchars($_GET['wangateips'])? 'yes' : 'no';
$pconfig['wandnsips'] = htmlspecialchars($_GET['wandnsips'])? 'yes' : 'no';
$pconfig['vips'] = htmlspecialchars($_GET['vips'])? 'yes' : 'no';
@@ -168,7 +168,7 @@ if ($_POST['save']) {
$p_list['name'] = $_POST['name'];
$p_list['uuid'] = $passlist_uuid;
$p_list['localnets'] = $_POST['localnets']? 'yes' : 'no';
- $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
+// $p_list['wanips'] = $_POST['wanips']? 'yes' : 'no';
$p_list['wangateips'] = $_POST['wangateips']? 'yes' : 'no';
$p_list['wandnsips'] = $_POST['wandnsips']? 'yes' : 'no';
$p_list['vips'] = $_POST['vips']? 'yes' : 'no';
@@ -255,7 +255,6 @@ if ($savemsg)
<tr>
<td colspan="2" valign="top" class="listtopic"><?php echo gettext("Add auto-generated IP Addresses."); ?></td>
</tr>
-
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("Local Networks"); ?></td>
<td width="78%" class="vtable"><input name="localnets" type="checkbox"
@@ -263,14 +262,6 @@ if ($savemsg)
<?php if($pconfig['localnets'] == 'yes'){ echo "checked";} if($pconfig['localnets'] == ''){ echo "checked";} ?> />
<span class="vexpl"> <?php echo gettext("Add firewall Local Networks to the list (excluding WAN)."); ?> </span></td>
</tr>
-
- <tr>
- <td width="22%" valign="top" class="vncell"><?php echo gettext("WAN IPs"); ?></td>
- <td width="78%" class="vtable"><input name="wanips" type="checkbox"
- id="wanips" size="40" value="yes"
- <?php if($pconfig['wanips'] == 'yes'){ echo "checked";} if($pconfig['wanips'] == ''){ echo "checked";} ?> />
- <span class="vexpl"> <?php echo gettext("Add WAN interface IPs to the list."); ?> </span></td>
- </tr>
<tr>
<td width="22%" valign="top" class="vncell"><?php echo gettext("WAN Gateways"); ?></td>
<td width="78%" class="vtable"><input name="wangateips"
diff --git a/config/snort/snort_post_install.php b/config/snort/snort_post_install.php
index 280f0efe..bbb2642c 100644
--- a/config/snort/snort_post_install.php
+++ b/config/snort/snort_post_install.php
@@ -265,8 +265,8 @@ if (stristr($config['widgets']['sequence'], "snort_alerts-container") === FALSE)
$config['widgets']['sequence'] .= ",{$snort_widget_container}";
/* Update Snort package version in configuration */
-$config['installedpackages']['snortglobal']['snort_config_ver'] = "3.2.6";
-write_config("Snort pkg v3.2.6: post-install configuration saved.");
+$config['installedpackages']['snortglobal']['snort_config_ver'] = $config['installedpackages']['package'][get_pkg_id("snort")]['version'];
+write_config("Snort pkg v{$config['installedpackages']['package'][get_pkg_id("snort")]['version']}: post-install configuration saved.");
/* Done with post-install, so clear flag */
unset($g['snort_postinstall']);
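Review bot: The version lookup `$config['installedpackages']['package'][get_pkg_id("snort")]['version']` is evaluated twice and its result is never checked, so a failed lookup would store an empty `snort_config_ver` and log `Snort pkg v:`. Read it once into a local, e.g. `$snort_ver = $config['installedpackages']['package'][get_pkg_id("snort")]['version'];`, and guard against an empty value before the assignment and the `write_config()` call. Whether get_pkg_id() can miss at post-install time is not visible here, so treat this as a robustness point.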
diff --git a/config/softflowd/softflowd.xml b/config/softflowd/softflowd.xml
index adf5359c..c3a2fa2f 100644
--- a/config/softflowd/softflowd.xml
+++ b/config/softflowd/softflowd.xml
@@ -39,7 +39,7 @@
]]>
</copyright>
<name>softflowd</name>
- <version>1.2</version>
+ <version>1.2.1</version>
<title>softflowd: Settings</title>
<aftersaveredirect>pkg_edit.php?xml=softflowd.xml&amp;id=0</aftersaveredirect>
<menu>
@@ -243,7 +243,11 @@
)
);
/* Only try to restart if not booting */
- if (!platform_booting()) {
+ if (function_exists("platform_booting")) {
+ if (!platform_booting()) {
+ restart_service("softflowd");
+ }
+ } elseif (!($g['booting'])) {
restart_service("softflowd");
}
}
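Review bot: The fallback branch reads `$g['booting']`, which only works if `$g` is declared global in the enclosing function, and that declaration is outside this hunk; without it the test is always true and the service would be restarted during boot on older releases. The duplicated `restart_service("softflowd")` call can also be folded into one: `$booting = function_exists("platform_booting") ? platform_booting() : $g['booting'];` followed by `if (!$booting) { restart_service("softflowd"); }`.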
diff --git a/config/spamd/spamd.inc b/config/spamd/spamd.inc
index a7be4587..f481da54 100644
--- a/config/spamd/spamd.inc
+++ b/config/spamd/spamd.inc
@@ -1,9 +1,9 @@
<?php
-/* $Id$ */
/*
spamd.inc
- part of the SpamD package for pfSense
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2008 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -26,29 +26,28 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
-
*/
-
-if(!function_exists("filter_configure"))
+if (!function_exists("filter_configure")) {
require_once("filter.inc");
+}
function sync_package_spamd() {
- global $config, $g;
- $pf_version = substr(trim(file_get_contents("/etc/version")),0,3);
+ global $config, $localpath;
+ $pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version != "2.2") {
$localpath = "/usr/local";
} else {
$ARCH = php_uname("m");
$localpath = "/usr/pbi/spamd-$ARCH/local";
}
-
+
conf_mount_rw();
$fd = fopen("/etc/spamd.conf","w");
/* all header */
fwrite($fd, "all:\\\n\t:whitelist:blacklist");
- if($config['installedpackages']['spamdsources']['config']) {
- foreach($config['installedpackages']['spamdsources']['config'] as $spamd) {
- if($spamd['providername']) {
+ if ($config['installedpackages']['spamdsources']['config']) {
+ foreach ($config['installedpackages']['spamdsources']['config'] as $spamd) {
+ if ($spamd['providername']) {
fwrite($fd, ":" . remove_spaces($spamd['providername']));
}
}
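Review bot: `fopen("/etc/spamd.conf","w")` is used without checking its result, so if the open fails the following fwrite() calls only emit warnings and spamd keeps running on the previous configuration with nothing useful in the log. A guard such as `if (!$fd) { log_error("[spamd] Unable to open /etc/spamd.conf for writing"); conf_mount_ro(); return; }` makes the failure visible. The same applies to the `/var/db/whitelist.txt` opens in the `@@ -83,12 +82,13 @@` and `@@ -175,8 +180,8 @@` hunks. sync_package_spamd() continues past the end of this hunk.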
@@ -64,12 +63,12 @@ function sync_package_spamd() {
fwrite($fd, "\t:msg=\"Sorry, you spammed us before.\":\\\n");
fwrite($fd, "\t:method=file:\\\n");
fwrite($fd, "\t:file=/var/db/blacklist.txt:\n\n");
- log_error("Looping through each item and write out its configuration");
+ log_error("[spamd] Looping through each item and write out its configuration");
/* loop through each item and write out its configuration */
- if($config['installedpackages']['spamdsources']['config'] != "") {
- foreach($config['installedpackages']['spamdsources']['config'] as $spamd) {
- if(remove_spaces($spamd['providername'])) {
- if($spamd['providername']) {
+ if ($config['installedpackages']['spamdsources']['config'] != "") {
+ foreach ($config['installedpackages']['spamdsources']['config'] as $spamd) {
+ if (remove_spaces($spamd['providername'])) {
+ if ($spamd['providername']) {
fwrite($fd, remove_spaces($spamd['providername']) . ":\\\n");
fwrite($fd, "\t:" . remove_spaces($spamd['providertype']) . ":\\\n");
fwrite($fd, "\t:msg=\"" . rtrim($spamd['rejectmessage']) . "\":\\\n");
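Review bot: The reject message is written between double quotes with only rtrim() applied, so a message that contains a double quote, a backslash or a line break produces a malformed entry in /etc/spamd.conf and can spill into the fields that follow. Escape it before writing, for example `$msg = addcslashes(rtrim($spamd['rejectmessage']), "\"\\");` plus replacing embedded newlines, and write `$msg` instead. `providername` and `providertype` pass through remove_spaces() only, whose body is not in this hunk, so they deserve the same check. The loop continues outside the hunk.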
@@ -83,12 +82,13 @@ function sync_package_spamd() {
}
}
fclose($fd);
- log_error("Creating /var/db/whitelist.txt");
+ log_error("[spamd] Creating /var/db/whitelist.txt");
$fd = fopen("/var/db/whitelist.txt","w");
- if($config['installedpackages']['spamdwhitelist']['config'] != "") {
- foreach($config['installedpackages']['spamdwhitelist']['config'] as $spamd) {
- if($spamd['ip'])
+ if ($config['installedpackages']['spamdwhitelist']['config'] != "") {
+ foreach ($config['installedpackages']['spamdwhitelist']['config'] as $spamd) {
+ if ($spamd['ip']) {
fwrite($fd, $spamd['ip'] . "\n");
+ }
}
}
fclose($fd);
@@ -100,38 +100,50 @@ function sync_package_spamd() {
$maxblack = "";
$stuttersecs = "";
$delaysecs = "";
- log_error("Looping through spamdsettings");
- if($config['installedpackages']['spamdsettings']['config']) {
- foreach($config['installedpackages']['spamdsettings']['config'] as $ss) {
- if($ss['nextmta'] <> "")
- $nextmta = $ss['nextmta'];
- if($ss['greylistingparms'] <> "")
+ log_error("[spamd] Looping through spamdsettings");
+ if ($config['installedpackages']['spamdsettings']['config']) {
+ foreach ($config['installedpackages']['spamdsettings']['config'] as $ss) {
+ if ($ss['next_mta'] != "") {
+ $nextmta = $ss['next_mta'];
+ }
+ if ($ss['greylistingparms'] != "") {
$passtime = " -G " . $ss['greylistingparms'];
- if($ss['identifier'] <> "")
+ }
+ if ($ss['identifier'] != "") {
$identifier = " -n \"" . $ss['identifier'] . "\"";
+ }
// Default is greylisting, turn on blacklisting if not checked.
- if($ss['greylisting'] <> "on")
+ if ($ss['greylisting'] != "on") {
$greylisting = " -b";
- if($ss['maxblack'] <> "")
+ }
+ if ($ss['maxblack'] != "") {
$maxblack = " -B " . $ss['maxblack'];
- if($ss['maxcon'] <> "")
+ }
+ if ($ss['maxcon'] != "") {
$maxcon = " -c " . $ss['maxcon'];
- if($ss['stuttersecs'] <> "")
+ }
+ if ($ss['stuttersecs'] != "") {
$stuttersecs = " -S " . $ss['stuttersecs'];
- if($ss['delaysecs'] <> "")
+ }
+ if ($ss['delaysecs'] != "") {
$delaysecs = " -s " . $ss['delaysecs'];
- if($ss['window'] <> "")
+ }
+ if ($ss['window'] != "") {
$window = " -w " . $ss['window'];
- if($ss['passtime'] <> "")
+ }
+ if ($ss['passtime'] != "") {
$passtime = $ss['passtime'];
- if($ss['greyexp'] <> "")
+ }
+ if ($ss['greyexp'] != "") {
$greyexp = $ss['greyexp'];
- if($ss['whiteexp'] <> "")
+ }
+ if ($ss['whiteexp'] != "") {
$whiteexp = $ss['whiteexp'];
+ }
}
}
$greyparms = " -G {$passtime}:{$greyexp}:{$whiteexp}";
- $start = "if [ `mount | grep -v grep | grep fdescfs | wc -l` -lt 1 ]; then \n" .
+ $start = "if [ `/sbin/mount | /usr/bin/grep -v grep | /usr/bin/grep fdescfs | /usr/bin/wc -l` -lt 1 ]; then \n" .
"/sbin/mount -t fdescfs fdescfs /dev/fd\n" .
"fi\n" .
"/usr/local/sbin/spamd-setup -d &\n" .
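Review bot: The option strings built in this loop take `$ss['identifier']`, `$ss['maxblack']`, `$ss['maxcon']` and the other settings verbatim, and they appear to end up on the spamd command line in the rc script that is assembled past the end of this hunk. Quote each value where it is used, e.g. `$identifier = " -n " . escapeshellarg($ss['identifier']);` and `$maxcon = " -c " . escapeshellarg($ss['maxcon']);`, so that a quote or shell metacharacter in a saved setting cannot change the generated script. Separately, `$passtime` is first set to `" -G " . $ss['greylistingparms']` and later embedded in `$greyparms = " -G {$passtime}:{$greyexp}:{$whiteexp}"`, so a configured greylistingparms value yields a doubled `-G`.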
@@ -142,32 +154,25 @@ function sync_package_spamd() {
"/usr/bin/killall spamlogd\n" .
"/usr/bin/killall spamd\n" .
"/usr/bin/killall pflogd\n" .
- "sleep 2";
- log_error("Writing rc_file");
+ "sleep 3";
+ log_error("[spamd] Writing rc_file");
write_rcfile(array(
"file" => "spamd.sh",
"start" => $start,
"stop" => $stop
)
);
- log_error("Installing CRON");
- spamd_install_cron(true);
- log_error("Mounting RO");
- conf_mount_ro();
- log_error("Restart cron");
- mwexec("killall -HUP cron");
- log_error("Setting up spamd.conf symlink");
+ log_error("[spamd] Installing cron job");
+ install_cron_job("/usr/bin/nice -n20 /usr/local/sbin/spamd-setup", true, "*/120");
+ log_error("[spamd] Setting up spamd.conf symlink");
unlink_if_exists("$localpath/etc/spamd/spamd.conf");
symlink("/etc/spamd.conf", "$localpath/etc/spamd/spamd.conf");
-
- log_error("Stopping spamd");
- mwexec("/usr/local/etc/rc.d/spamd.sh stop");
- sleep(1);
- log_error("Starting spamd");
- mwexec_bg("/usr/local/etc/rc.d/spamd.sh start");
- log_error("Reconfiguring filter");
+ conf_mount_ro();
+ log_error("[spamd] Restarting spamd");
+ restart_service("spamd");
+ log_error("[spamd] Reconfiguring filter");
filter_configure();
- log_error("SpamD setup completed");
+ log_error("[spamd] Package setup completed");
}
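Review bot: The cron entry is installed with `"*/120"` in the minute field, whose range is 0–59, so the step can never be reached and the job will at best run once an hour at minute 0 rather than every 120 minutes. If every two hours is the intent, pass minute and hour separately: `install_cron_job("/usr/bin/nice -n20 /usr/local/sbin/spamd-setup", true, "0", "*/2");`. The results of `unlink_if_exists()` and `symlink()` on `$localpath/etc/spamd/spamd.conf` are also unchecked, so a failed link goes unlogged.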
function sync_package_spamd_whitelist() {
@@ -175,8 +180,8 @@ function sync_package_spamd_whitelist() {
conf_mount_rw();
/* write out ip to the whitelist db */
$fd = fopen("/var/db/whitelist.txt","w");
- if($config['installedpackages']['spamdwhitelist']['config'] != "") {
- foreach($config['installedpackages']['spamdwhitelist']['config'] as $spamd) {
+ if ($config['installedpackages']['spamdwhitelist']['config'] != "") {
+ foreach ($config['installedpackages']['spamdwhitelist']['config'] as $spamd) {
fwrite($fd, $spamd['ip'] . "\n");
}
}
@@ -208,7 +213,7 @@ function spamd_generate_rules($type) {
}
if ($spamdconfig) {
- $nextmta = $spamdconfig['nextmta'];
+ $nextmta = $spamdconfig['next_mta'];
$spamdbinds = explode(',', $spamdconfig['spamdbinds_array']);
if (is_array($spamdbinds)) {
foreach ($spamdbinds as $interface) {
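Review bot: The setting is now read as `$spamdconfig['next_mta']`, and nothing in this diff copies a value previously saved under `nextmta`, so an existing installation would silently lose its next-MTA redirect after upgrade until the settings page is saved again. A one-time migration in the install or sync path, e.g. `if (!isset($ss['next_mta']) && !empty($ss['nextmta'])) { $ss['next_mta'] = $ss['nextmta']; }` with the result written back to the configuration, would keep the rule in place. This assumes the settings form used `nextmta` as its field name before; spamd_generate_rules() starts and ends outside the hunk.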
@@ -219,7 +224,7 @@ function spamd_generate_rules($type) {
$natrules .= "rdr pass on {$wanif} proto tcp from <blacklist> to port smtp -> 127.0.0.1 port spamd\n";
$natrules .= "rdr pass on {$wanif} proto tcp from <spamd> to port smtp -> 127.0.0.1 port spamd\n";
$natrules .= "rdr pass on {$wanif} proto tcp from !<spamd-white> to port smtp -> 127.0.0.1 port spamd\n";
- if ($nextmta <> "") {
+ if ($nextmta != "") {
$natrules .= "rdr pass on {$wanif} proto tcp from <spamd-white> to port smtp -> {$nextmta} port smtp\n";
}
}
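Review bot: `$nextmta` is interpolated into the `rdr pass` rule after only an emptiness test, while the `is_ipaddrv4()` check added in spamd_validate_input() runs on the GUI save path alone. A value that reaches the configuration another way, such as a restored backup or a synced config, would be written into the ruleset as-is. Tightening the condition to `if (is_ipaddrv4($nextmta)) {` validates at the point of use. The surrounding loop begins outside this hunk.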
@@ -229,7 +234,7 @@ function spamd_generate_rules($type) {
break;
}
-
+
return $natrules;
}
@@ -239,28 +244,29 @@ function remove_spaces($string) {
}
function sync_spamd_config_to_backup() {
- global $g, $config;
- if(is_array($config['installedpackages']['carpsettings']['config'])) {
- foreach($config['installedpackages']['carpsettings']['config'] as $carp) {
- if($carp['synchronizetoip'] != "" ) {
+ global $config;
+ if (is_array($config['installedpackages']['carpsettings']['config'])) {
+ foreach ($config['installedpackages']['carpsettings']['config'] as $carp) {
+ if ($carp['synchronizetoip'] != "" ) {
$synctoip = $carp['synchronizetoip'];
$password = $carp['password'];
- if($config['system']['username'])
+ if ($config['system']['username']) {
$username = $config['system']['username'];
- else
+ } else {
$username = "admin";
+ }
}
}
}
- if($synctoip and $password) {
- if($config['system']['webgui']['protocol'] != "") {
+ if ($synctoip and $password) {
+ if ($config['system']['webgui']['protocol'] != "") {
$synchronizetoip = $config['system']['webgui']['protocol'];
$synchronizetoip .= "://";
}
$port = $config['system']['webgui']['port'];
/* if port is empty lets rely on the protocol selection */
- if($port == "") {
- if($config['system']['webgui']['protocol'] == "http") {
+ if ($port == "") {
+ if ($config['system']['webgui']['protocol'] == "http") {
$port = "80";
} else {
$port = "443";
@@ -270,7 +276,7 @@ function sync_spamd_config_to_backup() {
/* create files to sync array */
$filetosync = array("/var/db/spamd", "/var/db/whitelist.txt");
/* loop through files to sync list and sync them up */
- foreach($filetosync as $f2s) {
+ foreach ($filetosync as $f2s) {
$f2c_contents = file_get_contents($f2s);
xmlrpc_sync_file($url, $password, $f2s, $f2c_contents, $port);
}
@@ -281,85 +287,35 @@ function sync_spamd_config_to_backup() {
}
function custom_php_install_command() {
- global $config, $g;
+ global $config;
system("touch /var/db/whitelist.txt");
system("touch /var/db/blacklist.txt");
- sync_package_spamd();
- conf_mount_rw();
exec("/usr/sbin/pw usermod _spamd -g proxy -G _spamd,proxy");
- exec("/bin/cp /usr/local/etc/spamd/spamd.conf.sample /usr/local/etc/spamd/spamd.conf");
- conf_mount_ro();
+ sync_package_spamd();
}
function custom_php_deinstall_command() {
- global $config, $g;
- conf_mount_rw();
- exec("killall -9 spamd");
+ global $config;
unlink_if_exists("/usr/local/pkg/pf/spamd_rules.php");
- unlink_if_exists("/usr/local/www/spamd_rules.php");
- unlink_if_exists("/usr/local/etc/rc.d/spamd.sh");
- spamd_install_cron(false);
- conf_mount_ro();
- filter_configure();
-}
-
-function spamd_install_cron($should_install) {
- global $config, $g;
- $is_installed = false;
- if(!$config['cron']['item'])
- return;
- $x=0;
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['command'], "spamd-setup")) {
- $is_installed = true;
- break;
- }
- $x++;
+ install_cron_job("/usr/bin/nice -n20 /usr/local/sbin/spamd-setup", false);
+ /* clean up user/groups */
+ if (exec("/usr/sbin/pw groupshow proxy | /usr/bin/grep _spamd")) {
+ exec ("/usr/sbin/pw groupmod proxy -d _spamd");
}
- switch($should_install) {
- case true:
- if(!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/120";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 /usr/local/sbin/spamd-setup";
- $config['cron']['item'][] = $cron_item;
- write_config("Installed SPAMD crontab entries.");
- configure_cron();
- }
- break;
- case false:
- if($is_installed == true) {
- if($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- }
- configure_cron();
- }
- break;
+ if (exec("/usr/sbin/pw usershow _spamd")) {
+ exec("/usr/sbin/pw userdel _spamd");
+ }
+ if (exec("/usr/sbin/pw groupshow _spamd")) {
+ exec("/usr/sbin/pw groupdel _spamd");
}
+ filter_configure();
}
function spamd_validate_input($post, &$input_errors) {
- global $config, $g;
- $nextmta = str_replace("$", "", $post['nextmta']);
- if(stristr($nextmta, "{")) {
- /* item is an alias, make sure the name exists */
- $nextmta = str_replace("$", "", $nextmta);
- $found = false;
- if($config['aliases']['alias']) {
- foreach($config['aliases']['alias'] as $alias) {
- if($alias['name'] == $nextmta) {
- $found = true;
- }
- }
+ if (!empty($post["next_mta"])) {
+ if (!is_ipaddrv4($post['next_mta'])) {
+ $input_errors[] = "NextMTA is not a valid IPv4 address";
}
- if($found == false)
- $intput_errors = "Could not locate alias named " . htmlentities($nextmta);
}
}
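Review bot: spamd_validate_input() now checks `next_mta` only, while the other settings that sync_package_spamd() turns into spamd options (`maxblack`, `maxcon`, `stuttersecs`, `delaysecs`, `window`, `identifier`) are accepted as typed. Rejecting non-numeric values at save time, e.g. `if ($post['maxcon'] != "" && !is_numericint($post['maxcon'])) { $input_errors[] = "Max connections must be a number"; }` for each numeric field, keeps bad values out of the generated rc script. The `$post` key names are assumed to match the config keys read in sync_package_spamd(). Also, custom_php_deinstall_command() deletes the `_spamd` user and group although the install path only runs `pw usermod` on them; confirm this package owns that account.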
diff --git a/config/spamd/spamd.xml b/config/spamd/spamd.xml
index 45cc9168..de03d224 100644
--- a/config/spamd/spamd.xml
+++ b/config/spamd/spamd.xml
@@ -1,63 +1,62 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- spamd.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ spamd.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>spamdsources</name>
- <version>4.9.1 v1.1</version>
+ <version>1.1.5</version>
<title>SpamD: External Sources</title>
<include_file>/usr/local/pkg/spamd.inc</include_file>
<backup_file>/var/db/spamd</backup_file>
- <!-- Menu is where this packages menu will appear -->
<menu>
<name>SpamD</name>
<section>Services</section>
<configfile>spamd.xml</configfile>
</menu>
<service>
- <name>spamd</name>
- <rcfile>spamd.sh</rcfile>
- <executable>spamd</executable>
- <description>SPAMD Greylisting Daemon</description>
- </service>
+ <name>spamd</name>
+ <rcfile>spamd.sh</rcfile>
+ <executable>spamd</executable>
+ <description>SpamD Greylisting Daemon</description>
+ </service>
<tabs>
<tab>
<text>SpamD External Sources</text>
@@ -77,8 +76,6 @@
<url>/spamd_db.php</url>
</tab>
</tabs>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
<configpath>['installedpackages']['spamd']['config']</configpath>
<adddeleteeditpagefields>
<columnitem>
@@ -94,82 +91,55 @@
<fieldname>providerdescription</fieldname>
</columnitem>
</adddeleteeditpagefields>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_rules.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_whitelist.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_outlook.xml</item>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_whitelist.xml</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd.inc</item>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd.inc</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_settings.xml</item>
+ <additional_files_needed>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_settings.xml</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_db.php</item>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
+ <item>https://packages.pfsense.org/packages/config/spamd/spamd_db.php</item>
</additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_db_ext.php</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/spamd/spamd_gather_stats.php</item>
- </additional_files_needed>
-
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>Provider Name</fielddescr>
<fieldname>providername</fieldname>
- <description>Enter the name of the source</description>
+ <description>Enter the name of the source.</description>
<type>input</type>
<size>30</size>
</field>
<field>
<fielddescr>Provider Type</fielddescr>
<fieldname>providertype</fieldname>
- <description>Select the Provider Type</description>
+ <description>Select the Provider Type.</description>
<type>select</type>
<size>1</size>
<value>black</value>
<options>
- <option><name>Black List</name><value>black</value></option>
- <option><name>White List</name><value>white</value></option>
+ <option><name>Black List</name><value>black</value></option>
+ <option><name>White List</name><value>white</value></option>
</options>
</field>
<field>
<fielddescr>Provider Description</fielddescr>
<fieldname>providerdescription</fieldname>
- <description>Enter the description for this item</description>
+ <description>Enter the description for this item.</description>
<type>textarea</type>
<size>30</size>
- <cols>40</cols>
+ <cols>40</cols>
<rows>4</rows>
</field>
<field>
<fielddescr>Reject message</fielddescr>
<fieldname>rejectmessage</fieldname>
- <description>Enter the message to display to emailing parties that are on this providers list</description>
+ <description>Enter the message to display to emailing parties that are on this providers list.</description>
<type>textarea</type>
<size>30</size>
<cols>40</cols>
@@ -178,14 +148,14 @@
<field>
<fielddescr>Provider Method</fielddescr>
<fieldname>providermethod</fieldname>
- <description>Select the Provider Method</description>
+ <description>Select the Provider Method.</description>
<type>select</type>
<size>1</size>
<value>http</value>
<options>
<option><name>File</name><value>file</value></option>
- <option><name>URL</name><value>http</value></option>
- <option><name>Execute command</name><value>exec</value></option>
+ <option><name>URL</name><value>http</value></option>
+ <option><name>Execute command</name><value>exec</value></option>
</options>
</field>
<field>
@@ -209,5 +179,7 @@
<custom_php_deinstall_command>
custom_php_deinstall_command();
</custom_php_deinstall_command>
- <filter_rules_needed>spamd_generate_rules</filter_rules_needed>
+ <filter_rules_needed>
+ spamd_generate_rules();
+ </filter_rules_needed>
</packagegui>
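Review bot: The `<filter_rules_needed>` body is now the call `spamd_generate_rules();` with no argument, while the function is declared as `spamd_generate_rules($type)` (visible in the spamd.inc hunk headers) and appears to branch on that parameter. If the framework evaluates this tag as PHP, the call runs with `$type` unset; if it expects a bare function name, the added `();` breaks the lookup. Confirm which form the package framework expects and either restore `spamd_generate_rules` or pass the rule type explicitly.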
diff --git a/config/spamd/spamd_db.php b/config/spamd/spamd_db.php
index 3fe439ef..90215e6f 100644
--- a/config/spamd/spamd_db.php
+++ b/config/spamd/spamd_db.php
@@ -1,9 +1,9 @@
<?php
-/* $Id$ */
/*
spamd_db.php
- part of the pfSense project
- Copyright (C) 2006, 2007, 2008 Scott Ullrich
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2006-2009 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -27,93 +27,90 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require("guiconfig.inc");
+global $filter, $not, $limit, $spamtrapemail;
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
-if ($pf_version < 2.0)
- $one_two = true;
-
-if($_POST['filter'])
+if ($_POST['filter']) {
$filter = $_POST['filter'];
-if($_POST['not'])
+}
+if ($_POST['not']) {
$not = true;
-if($_POST['limit'])
+}
+if ($_POST['limit']) {
$limit = intval($_POST['limit']);
-else
+} else {
$limit = "25";
-
-if($_GET['spamtrapemail'])
+}
+
+if ($_GET['spamtrapemail']) {
$spamtrapemail = $_GET['spamtrapemail'];
-if($_POST['spamtrapemail'])
+}
+if ($_POST['spamtrapemail']) {
$spamtrapemail = $_POST['spamtrapemail'];
-if ($spamtrapemail)
+}
+if ($spamtrapemail) {
$spamtrapemailarg = escapeshellarg($spamtrapemail);
+}
/* handle AJAX operations */
-if($_GET['action'] or $_POST['action']) {
- /* echo back buttonid so it can be turned
- * back off when request is completed.
- */
+if ($_GET['action'] or $_POST['action']) {
+ /* echo back buttonid so it can be turned back off when request is completed. */
echo $_GET['buttonid'] . "|";
- if($_GET['action'])
+ if ($_GET['action']) {
$action = $_GET['action'];
- if($_POST['action'])
+ }
+ if ($_POST['action']) {
$action = $_POST['action'];
- if($_GET['srcip'])
+ }
+ if ($_GET['srcip']) {
$srcip = $_GET['srcip'];
- if($_POST['srcip'])
+ }
+ if ($_POST['srcip']) {
$srcip = $_POST['srcip'];
- $srcip = str_replace("<","",$srcip);
- $srcip = str_replace(">","",$srcip);
- $srcip = str_replace(" ","",$srcip);
- // Make input safe
+ }
+ $srcip = str_replace("<", "", $srcip);
+ $srcip = str_replace(">", "", $srcip);
+ $srcip = str_replace(" ", "", $srcip);
+ // make input safe
$srcip = escapeshellarg($srcip);
/* execute spamdb command */
- if($action == "whitelist") {
+ if ($action == "whitelist") {
exec("/usr/local/sbin/spamdb -d {$srcip} -T");
exec("/usr/local/sbin/spamdb -d {$srcip} -t");
delete_from_blacklist($srcip);
mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
exec("echo spamdb -a {$srcip} > /tmp/tmp");
exec("/usr/local/sbin/spamdb -a {$srcip}");
- } else if($action == "delete") {
+ } elseif ($action == "delete") {
exec("/usr/local/sbin/spamdb -d {$srcip}");
exec("/usr/local/sbin/spamdb -d {$srcip} -T");
exec("/usr/local/sbin/spamdb -d {$srcip} -t");
delete_from_blacklist($srcip);
mwexec("/sbin/pfctl -q -t spamd -T delete $srcip");
mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
- } else if($action == "trapped") {
+ } elseif ($action == "trapped") {
exec("/usr/local/sbin/spamdb -d {$srcip}");
exec("/usr/local/sbin/spamdb -d {$srcip}");
exec("/usr/local/sbin/spamdb -d -t {$srcip}");
exec("/usr/local/sbin/spamdb -a -t {$srcip}");
- } else if($action == "spamtrap") {
+ } elseif ($action == "spamtrap") {
exec("/usr/local/sbin/spamdb -a -T {$spamtrapemailarg}");
}
/* signal a reload for real time effect. */
- mwexec("killall -HUP spamlogd");
+ mwexec("/usr/bin/killall -HUP spamlogd");
exit;
}
-/* spam trap e-mail address */
-if($spamtrapemail <> "") {
- exec("spamdb -T -a {$spamtrapemailarg}");
- mwexec("killall -HUP spamlogd");
- $savemsg = htmlentities($spamtrapemail) . " added to spam trap database.";
-}
-
-if($_GET['getstatus'] <> "") {
- $status = exec("/usr/local/sbin/spamdb | grep " . escapeshellarg($_GET['getstatus']));
- if(stristr($status, "WHITE") == true) {
+if ($_GET['getstatus'] != "") {
+ $status = exec("/usr/local/sbin/spamdb | /usr/bin/grep " . escapeshellarg($_GET['getstatus']));
+ if (stristr($status, "WHITE") == true) {
echo "WHITE";
- } else if(stristr($status, "TRAPPED") == true) {
+ } elseif (stristr($status, "TRAPPED") == true) {
echo "TRAPPED";
- } else if(stristr($status, "GREY") == true) {
+ } elseif (stristr($status, "GREY") == true) {
echo "GREY";
- } else if(stristr($status, "SPAMTRAP") == true) {
+ } elseif (stristr($status, "SPAMTRAP") == true) {
echo "SPAMTRAP";
} else {
echo "NOT FOUND";
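Review bot: `echo $_GET['buttonid'] . "|";` in the AJAX handler reflects a request parameter into the response without encoding; emit `echo htmlspecialchars($_GET['buttonid']) . "|";` instead. In the same block `$srcip` is passed to delete_from_blacklist() after escapeshellarg(), so the substring match inside that function compares blacklist lines against a quoted string and will not remove the entry if the file holds bare addresses; keep the raw value for the file filter and the escaped one for the shell commands. The leftover `exec("echo spamdb -a {$srcip} > /tmp/tmp");` writes to a fixed path in /tmp and should be removed.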
@@ -122,35 +119,38 @@ if($_GET['getstatus'] <> "") {
}
/* spam trap e-mail address */
-if($_GET['spamtrapemail'] <> "") {
- $status = exec("spamdb -T -a {$spamtrapemailarg}");
- mwexec("killall -HUP spamlogd");
- if($status)
+if ($spamtrapemail != "") {
+ $status = exec("/usr/local/sbin/spamdb -T -a {$spamtrapemailarg}");
+ mwexec("/usr/bin/killall -HUP spamlogd");
+ if ($status) {
echo $status;
- else
- echo htmlentities($_POST['spamtrapemail']) . " added to spam trap database.";
+ } else {
+ echo htmlentities($spamtrapemail) . " added to spam trap database.";
+ }
exit;
}
/* whitelist e-mail address */
-if($_GET['whitelist'] <> "") {
- $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
- $status = exec("spamdb -a {$spamtrapemail}");
- mwexec("killall -HUP spamlogd");
- if($status)
+if ($_GET['whitelist'] != "") {
+ $status = exec("/usr/local/sbin/spamdb -a {$spamtrapemail}");
+ mwexec("/usr/bin/killall -HUP spamlogd");
+ if ($status) {
echo $status;
- else
- echo htmlentities($_POST['spamtrapemail']) . " added to whitelist database.";
+ } else {
+ echo htmlentities($spamtrapemail) . " added to whitelist database.";
+ }
exit;
}
function delete_from_blacklist($srcip) {
$blacklist = explode("\n", file_get_contents("/var/db/blacklist.txt"));
$fd = fopen("/var/db/blacklist.txt", "w");
- foreach($blacklist as $bl) {
- if($bl <> "")
- if(!stristr($bl, $srcip))
+ foreach ($blacklist as $bl) {
+ if ($bl != "") {
+ if (!stristr($bl, $srcip)) {
fwrite($fd, "{$bl}\n");
+ }
+ }
}
fclose($fd);
mwexec("/sbin/pfctl -q -t spamd -T delete {$srcip}");
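Review bot: The whitelist branch now runs `exec("/usr/local/sbin/spamdb -a {$spamtrapemail}")` with the raw request value, because the commit removed the `escapeshellarg()` line that preceded it; use the already-escaped `{$spamtrapemailarg}`. As written the branch also cannot run with an address: the spam trap block just above exits whenever `$spamtrapemail` is non-empty, so this code is only reached with an empty argument. Testing `$_GET['whitelist']` before the spam trap block, or merging the two into one conditional, would restore the whitelist action. delete_from_blacklist() at the end of the hunk continues outside it.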
@@ -161,9 +161,11 @@ function delete_from_whitelist($srcip) {
$whitelist = explode("\n", file_get_contents("/var/db/whitelist.txt"));
$fd = fopen("/var/db/whitelist.txt", "w");
foreach($whitelist as $wl) {
- if($wl <> "")
- if(!stristr($wl, $srcip))
+ if ($wl != "") {
+ if (!stristr($wl, $srcip)) {
fwrite($fd, "{$wl}\n");
+ }
+ }
}
fclose($fd);
mwexec("/sbin/pfctl -q -t spamd -T delete $srcip");
@@ -173,23 +175,25 @@ function delete_from_whitelist($srcip) {
$pgtitle = "SpamD: Database";
include("head.inc");
-if(file_exists("/var/db/whitelist.txt"))
- $whitelist_items = `cat /var/db/whitelist.txt | wc -l`;
-else
+if (file_exists("/var/db/whitelist.txt")) {
+ $whitelist_items = shell_exec("/bin/cat /var/db/whitelist.txt | /usr/bin/wc -l");
+} else {
$whitelist_items = 0;
+}
-if(file_exists("/var/db/blacklist.txt"))
- $blacklist_items = `cat /var/db/blacklist.txt | wc -l`;
-else
+if (file_exists("/var/db/blacklist.txt")) {
+ $blacklist_items = shell_exec("/bin/cat /var/db/blacklist.txt | /usr/bin/wc -l");
+} else {
$blacklist_items = 0;
+}
// Get an overall count of the database
-$spamdb_items = `/usr/local/sbin/spamdb | wc -l`;
+$spamdb_items = shell_exec("/usr/local/sbin/spamdb | /usr/bin/wc -l");
// Get blacklist and whitelist count from database
-$spamdb_white = `/usr/local/sbin/spamdb | grep WHITE | wc -l`;
-$spamdb_black = `/usr/local/sbin/spamdb | grep BLACK | wc -l`;
-$spamdb_grey = `/usr/local/sbin/spamdb | grep GREY | wc -l`;
+$spamdb_white = shell_exec("/usr/local/sbin/spamdb | /usr/bin/grep WHITE | /usr/bin/wc -l");
+$spamdb_black = shell_exec("/usr/local/sbin/spamdb | /usr/bin/grep BLACK | /usr/bin/wc -l");
+$spamdb_grey = shell_exec("/usr/local/sbin/spamdb | /usr/bin/grep GREY | /usr/bin/wc -l");
// Now count the user contributed whitelist and blacklist count
$whitelist_items = $whitelist_items + $spamdb_white;
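Review bot: The counts come back from `shell_exec()` as strings with padding and a trailing newline and are then used in arithmetic, and `spamdb` is run four times for one page load. Line counts of the two text files need no shell at all, e.g. `$whitelist_items = count(file("/var/db/whitelist.txt"));`, and the database output can be read once with `exec("/usr/local/sbin/spamdb", $spamdb_lines);` and counted in PHP with `preg_grep()`.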
@@ -198,22 +202,20 @@ $blacklist_items = $blacklist_items + $spamdb_black;
?>
<body link="#000000" vlink="#000000" alink="#000000">
<?php include("fbegin.inc"); ?>
-<?php if($one_two): ?>
-<p class="pgtitle"><?=$pgtitle?></font></p>
-<?php endif; ?>
<form action="spamd_db.php" method="post" name="iform">
<script src="/javascript/scriptaculous/prototype.js" type="text/javascript"></script>
<script src="/javascript/scriptaculous/scriptaculous.js" type="text/javascript"></script>
<script type="text/javascript" language="javascript" src="row_toggle.js"></script>
-<script language="javascript">
+<script type="text/javascript">
+//<![CDATA[
function outputrule(req) {
- if(req.content != '') {
+ if (req.content != '') {
/* response is split by | */
var itemsplit = req.content.split("|");
/* turn back off the button */
toggle_off(itemsplit[0]);
/* uh oh, we've got an error of some sort */
- if(itemsplit[1] != "")
+ if (itemsplit[1] != "")
alert('An error was detected.\n\n' + req.content);
}
}
@@ -225,7 +227,7 @@ function toggle_on(button, image) {
/* turn off button by stripping _p out */
function toggle_off(button) {
/* no text back? thats bad. */
- if(button == '')
+ if (button == '')
return;
var item = document.getElementById(button);
var currentbutton = item.src;
@@ -248,13 +250,12 @@ if (typeof getURL == 'undefined') {
if (typeof callback.operationComplete == 'function')
callback = callback.operationComplete;
} catch (e) {}
- if (typeof callback != 'function')
- throw 'No callback function for getURL';
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
var http_request = null;
if (typeof XMLHttpRequest != 'undefined') {
- http_request = new XMLHttpRequest();
- }
- else if (typeof ActiveXObject != 'undefined') {
+ http_request = new XMLHttpRequest();
+ } else if (typeof ActiveXObject != 'undefined') {
try {
http_request = new ActiveXObject('Msxml2.XMLHTTP');
} catch (e) {
@@ -264,24 +265,27 @@ if (typeof getURL == 'undefined') {
}
}
if (!http_request)
- throw 'Both getURL and XMLHttpRequest are undefined';
+ throw 'Both getURL and XMLHttpRequest are undefined';
http_request.onreadystatechange = function() {
if (http_request.readyState == 4) {
- callback( { success : true,
- content : http_request.responseText,
- contentType : http_request.getResponseHeader("Content-Type") } );
+ callback({
+ success: true,
+ content: http_request.responseText,
+ contentType: http_request.getResponseHeader("Content-Type")
+ });
}
}
http_request.open('GET', url, true);
http_request.send(null);
}
}
+//]]>
</script>
<?php if ($savemsg) print_info_box($savemsg); ?>
-<?php if (file_exists($d_natconfdirty_path)): ?><p>
+<?php if (file_exists($d_natconfdirty_path)): ?><br />
<?php endif; ?>
<table width="99%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+<tr><td>
<?php
$tab_array = array();
$tab_array[] = array("SpamD External Sources", false, "/pkg.php?xml=spamd.xml");
@@ -290,25 +294,20 @@ if (typeof getURL == 'undefined') {
$tab_array[] = array("SpamD Database", true, "/spamd_db.php");
display_top_tabs($tab_array);
?>
- </td></tr>
- <tr>
- <td>
+</td></tr>
+<tr><td>
<div id="mainarea">
- <table id="maintable" name="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
+ <table id="maintable" name="maintable" class="tabcont" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td>
-
-
-<table>
-<tr><td align="right">Filter by test:</td><td><input name="filter" value="<?=$filter?>"></input></td><td><input type="submit" value="Filter"></td><td>&nbsp;&nbsp;Inverse filter (NOT):</td><td><input type="checkbox" id="not" name="not" <?php if($not) echo " CHECKED"; ?>></td></tr>
-<tr><td align="right">Limit:</td><td><input name="limit" value="<?=$limit?>"></input></td></tr>
-<tr><td>&nbsp;</td></tr>
-<tr><td align="right">* Add spam trap E-mail address:</td><td><input name="spamtrapemail" value="<?=$spamtrapemail?>"></input></td><td><input type="submit" value="Add"></td></tr>
-</table><br>
-
-
-
+ <table>
+ <tr><td align="right">Filter by test:</td><td><input name="filter" value="<?=$filter?>"></input></td><td><input type="submit" value="Filter" /></td><td>&nbsp;&nbsp;Inverse filter (NOT):</td><td><input type="checkbox" id="not" name="not" <?php if($not) echo " checked=\"checked\""; ?> /></td></tr>
+ <tr><td align="right">Limit:</td><td><input name="limit" value="<?=$limit?>"></input></td></tr>
+ <tr><td>&nbsp;</td></tr>
+ <tr><td align="right">* Add spam trap E-mail address:</td><td><input name="spamtrapemail" value="<?=$spamtrapemail?>"></input></td><td><input type="submit" value="Add" /></td></tr>
+ </table>
+ <br />
<table id="sortabletable1" name="sortabletable1" class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr id="frheader">
+ <tr id="frheader">
<td class="listhdrr">Type</td>
<td class="listhdrr">IP</td>
<td class="listhdrr">From</td>
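Review bot: `$filter`, `$limit` and `$spamtrapemail` are echoed into `value="…"` attributes with `<?=…?>` and no output encoding in the rewritten form rows. If these variables are populated from the request (their assignments are outside this hunk), a double quote in the submitted value closes the attribute and the page reflects markup back into the administrator's browser. Encode at the point of output, e.g. `value="<?=htmlspecialchars($filter, ENT_QUOTES)?>"`, and do the same for the other two fields.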
@@ -322,68 +321,65 @@ if (typeof getURL == 'undefined') {
<?php
function formatspamddatetime($dt) {
- return date("Y-m-d", $dt) . "<br/>" . date("H:i:s", $dt);
+ return date("Y-m-d", $dt) . "<br />" . date("H:i:s", $dt);
}
- if($filter) {
- if($not) {
+ if ($filter) {
+ if ($not) {
$fd = fopen("/tmp/spamdb", "w");
- $cmd = "/usr/local/sbin/spamdb | grep -v " . escapeshellarg($filter) . " | tail -n {$limit}";
+ $cmd = "/usr/local/sbin/spamdb | /usr/bin/grep -v " . escapeshellarg($filter) . " | /usr/bin/tail -n {$limit}";
fwrite($fd, $cmd);
fclose($fd);
exec($cmd, $pkgdb);
- if(file_exists("/var/db/blacklist.txt")) {
- $cmd = "cat /var/db/blacklist.txt | grep -v \"" . escapeshellarg($filter) . "\" ";
+ if (file_exists("/var/db/blacklist.txt")) {
+ $cmd = "/bin/cat /var/db/blacklist.txt | /usr/bin/grep -v \"" . escapeshellarg($filter) . "\" ";
exec($cmd, $pkgdba);
foreach($pkgdba as $pkg) {
$pkgdb[] = "TRAPPED|{$pkg}|1149324397";
}
}
} else {
- $cmd = "/usr/local/sbin/spamdb | grep " . escapeshellarg($filter) . " | tail -n {$limit}";
+ $cmd = "/usr/local/sbin/spamdb | /usr/bin/grep " . escapeshellarg($filter) . " | /usr/bin/tail -n {$limit}";
exec($cmd, $pkgdb);
- if(file_exists("/var/db/blacklist.txt")) {
- $cmd = "cat /var/db/blacklist.txt | grep " . escapeshellarg($filter);
+ if (file_exists("/var/db/blacklist.txt")) {
+ $cmd = "/bin/cat /var/db/blacklist.txt | /usr/bin/grep " . escapeshellarg($filter);
exec($cmd, $pkgdba);
- foreach($pkgdba as $pkg) {
+ foreach ($pkgdba as $pkg) {
$pkgdb[] = "TRAPPED|{$pkg}|1149324397";
}
echo "<!-- $pkgdb -->";
}
}
} else {
- exec("/usr/local/sbin/spamdb | tail -n {$limit}", $pkgdb);
+ exec("/usr/local/sbin/spamdb | /usr/bin/tail -n {$limit}", $pkgdb);
}
$rows = 0;
$lastseenip = "";
$srcip = "|";
- foreach($pkgdb as $pkgdb_row) {
+ foreach ($pkgdb as $pkgdb_row) {
- if($rows > $limit)
+ if($rows > $limit) {
break;
+ }
$dontdisplay = false;
- if(!$pkgdb_row)
+ if (!$pkgdb_row) {
continue;
+ }
$pkgdb_split = explode("|", $pkgdb_row);
/*
-
- For TRAPPED entries the format is:
-
+ For TRAPPED entries the format is:
type|ip|expire
- where type will be TRAPPED, IP will be the IP address blacklisted due to
- hitting a spamtrap, and expire will be when the IP is due to be removed
- from the blacklist.
-
- For GREY entries, the format is:
+ where type will be TRAPPED, IP will be the IP address blacklisted due to
+ hitting a spamtrap, and expire will be when the IP is due to be removed
+ from the blacklist.
+ For GREY entries, the format is:
type|source IP|helo|from|to|first|pass|expire|block|pass
- For WHITE entries, the format is:
-
+ For WHITE entries, the format is:
type|source IP|||first|pass|expire|block|pass
-
*/
switch($pkgdb_split[0]) {
case "SPAMTRAP":
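Review bot: `$limit` is interpolated into every shell pipeline in this hunk as `tail -n {$limit}` with no cast or quoting, while only `$filter` goes through `escapeshellarg()`; if `$limit` is taken from the request (its assignment is outside the hunk) this is a command-injection path. Build the argument from an integer instead, e.g. `" | /usr/bin/tail -n " . (int) $limit`. In the inverse-filter blacklist branch the escaped filter is additionally wrapped in `\"…\"`, which puts the single quotes produced by `escapeshellarg()` inside double quotes where the shell still interprets `"`, `$` and backticks; drop the surrounding `\"` so the call matches the other three. The `fopen("/tmp/spamdb", "w")` / `fwrite($fd, $cmd)` pair looks like leftover debugging that writes to a predictable path in /tmp and could be removed. The switch statement at the end continues past the hunk.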
@@ -427,8 +423,9 @@ function formatspamddatetime($dt) {
$attempts = htmlentities($pkgdb_split[8]);
break;
}
- if($srcip == "" and $fromaddress == "" and $toaddress == "")
+ if ($srcip == "" and $fromaddress == "" and $toaddress == "") {
continue;
+ }
echo "<tr id=\"{$rows}\">";
echo "<td class=\"listr\">{$recordtype}</td>";
echo "<td class=\"listr\">{$srcip}</td>";
@@ -438,40 +435,44 @@ function formatspamddatetime($dt) {
echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . $pass . "</span></td>";
echo "<td class=\"listr\"><span style='white-space: nowrap;'>" . $expire . "</span></td>";
echo "<td class=\"listr\">{$attempts}</td>";
- echo "<td>";
- $rowtext = "<NOBR><a href='javascript:toggle_on(\"w{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_p.gif\"); getURL(\"spamd_db.php?buttonid=w{$rows}&srcip={$srcip}&action=whitelist\", outputrule);'><img title=\"Add to whitelist\" name='w{$rows}' id='w{$rows}' border=\"0\" alt=\"Add to whitelist\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\"></a> ";
- $rowtext .= "<a href='javascript:toggle_on(\"b{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_trapped_p.gif\");getURL(\"spamd_db.php?buttonid=b{$rows}&srcip={$srcip}&action=trapped\", outputrule);'><img title=\"Blacklist\" name='b{$rows}' id='b{$rows}' border=\"0\" alt=\"Blacklist\" src=\"/themes/{$g['theme']}/images/icons/icon_trapped.gif\"></a> ";
- $rowtext .= "<a href='javascript:toggle_on(\"d{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_x_p.gif\");getURL(\"spamd_db.php?buttonid=d{$rows}&srcip={$srcip}&action=delete\", outputrule);'><img title=\"Delete\" border=\"0\" name='d{$rows}' id='d{$rows}' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\"></a>";
- $rowtext .= "<a href='javascript:toggle_on(\"s{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_bl_p.gif\");getURL(\"spamd_db.php?buttonid=s{$rows}&spamtrapemail={$toaddress}&action=spamtrap\", outputrule);'><img title=\"Spamtrap\" name='s{$rows}' id='s{$rows}' border=\"0\" alt=\"Spamtrap\" src=\"./themes/{$g['theme']}/images/icons/icon_plus_bl.gif\"></a> ";
-
+ echo "<td style=\"white-space:nowrap;\">";
+ $rowtext = "<a href='javascript:toggle_on(\"w{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_p.gif\"); getURL(\"spamd_db.php?buttonid=w{$rows}&srcip={$srcip}&action=whitelist\", outputrule);'><img title=\"Add to whitelist\" name='w{$rows}' id='w{$rows}' border=\"0\" alt=\"Add to whitelist\" src=\"/themes/{$g['theme']}/images/icons/icon_plus.gif\" alt=\"\" /></a> ";
+ $rowtext .= "<a href='javascript:toggle_on(\"b{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_trapped_p.gif\"); getURL(\"spamd_db.php?buttonid=b{$rows}&srcip={$srcip}&action=trapped\", outputrule);'><img title=\"Blacklist\" name='b{$rows}' id='b{$rows}' border=\"0\" alt=\"Blacklist\" src=\"/themes/{$g['theme']}/images/icons/icon_trapped.gif\" alt=\"\" /></a> ";
+ $rowtext .= "<a href='javascript:toggle_on(\"d{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_x_p.gif\"); getURL(\"spamd_db.php?buttonid=d{$rows}&srcip={$srcip}&action=delete\", outputrule);'><img title=\"Delete\" border=\"0\" name='d{$rows}' id='d{$rows}' alt=\"Delete\" src=\"./themes/{$g['theme']}/images/icons/icon_x.gif\" alt=\"\" /></a>";
+ $rowtext .= "<a href='javascript:toggle_on(\"s{$rows}\", \"/themes/{$g['theme']}/images/icons/icon_plus_bl_p.gif\"); getURL(\"spamd_db.php?buttonid=s{$rows}&spamtrapemail={$toaddress}&action=spamtrap\", outputrule);'><img title=\"Spamtrap\" name='s{$rows}' id='s{$rows}' border=\"0\" alt=\"Spamtrap\" src=\"./themes/{$g['theme']}/images/icons/icon_plus_bl.gif\" alt=\"\" /></a> ";
echo $rowtext;
-
echo "</td></tr>";
$rows++;
- }
-?> </td></tr></table>
- <tr><td>
- <?php echo "<font face=\"arial\"><p><b>" . $rows . "</b> rows returned."; ?>
- <p>
- * NOTE: adding an e-mail address to the spamtrap automatically traps any server trying to send e-mail to this address.
- </td></tr>
+ }
+?>
+ </td></tr>
+ </table>
+ <tr><td>
+ <?php echo "<font face=\"arial\"><p><b>" . $rows . "</b> rows returned.</p></font>"; ?>
+ <p>
+ * NOTE: adding an e-mail address to the spamtrap automatically traps any server trying to send e-mail to this address.
+ </p>
+ </td></tr>
</table>
</div>
- </td>
- </tr>
+</td></tr>
</table>
</form>
-<br>
-<span class="vexpl"><strong><span class="red">Note:</span> Clicking on the action icons will invoke a AJAX query and the page will not refresh. Click refresh in you're browser if you wish to view the changes in status.</strong></span>
-<br>
- <p><font size="-2"><b>Database totals:</b><br><font size="-3"><br>
- <?php
- echo "{$whitelist_items} total items in the whitelist.<br>";
- echo "{$blacklist_items} total items in the blacklist.<br>";
- echo "{$spamdb_grey} total items in the greylist.<br>";
- echo "{$spamdb_items} total items in the SpamDB.<br>";
- ?>
+<br />
+<span class="vexpl"><strong><span class="red">Note:</span> Clicking on the action icons will invoke a AJAX query and the page will not refresh. Click refresh in your browser if you wish to view the changes in status.</strong></span>
+<br />
+<p>
+ <font size="-2"><strong>Database totals:</strong></font><br/><br />
+ <font size="-3">
+ <?php
+ echo "{$whitelist_items} total items in the whitelist.<br />";
+ echo "{$blacklist_items} total items in the blacklist.<br />";
+ echo "{$spamdb_grey} total items in the greylist.<br />";
+ echo "{$spamdb_items} total items in the SpamDB.<br />";
+ ?>
+ </font>
+</p>
<?php include("fend.inc"); ?>
</body>
</html>
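Review bot: In the four `$rowtext` links, `{$srcip}` and `{$toaddress}` land inside a JavaScript string, inside a URL query, inside a single-quoted `href='javascript:…'` attribute, and no single encoding is safe for all three contexts (browsers also percent-decode a `javascript:` URL before running it). These fields come from spamdb rows, which record what remote SMTP senders supplied; they are assigned outside this hunk, and if they only pass through `htmlentities()` with default flags, as `$attempts` does, a single quote in an address is not neutralised here. A safer shape is to emit each value once in a `data-` attribute through `htmlspecialchars($value, ENT_QUOTES)` and let a click handler build the query with `encodeURIComponent()`. Separately, the four actions change firewall tables through plain GET requests with no CSRF token visible in this hunk, and each rewritten `<img>` now carries two `alt` attributes, so the added `alt=\"\"` should be dropped.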
diff --git a/config/spamd/spamd_db_ext.php b/config/spamd/spamd_db_ext.php
deleted file mode 100644
index 010027e3..00000000
--- a/config/spamd/spamd_db_ext.php
+++ /dev/null
@@ -1,229 +0,0 @@
-<?php
-/* $Id$ */
-/*
- spamd_db_ext.php
- Copyright (C) 2008 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-require("guiconfig.inc");
-
-/* this script is no longer supported */
-exit;
-
-if($_GET['loginname'])
- $loginname = " Username: " . $_GET['loginname'];
-if($_GET['username'])
- $username = $_GET['username'];
-if($_GET['password'])
- $password = $_GET['password'];
-if($_POST['username'])
- $username = $_POST['username'];
-if($_POST['password'])
- $password = $_POST['password'];
-
-foreach($config['installedpackages']['spamdoutlook']['config'] as $outlook) {
- if($outlook['username'] <> $username) {
- echo "550. INVALID USERNAME {$username}.";
- exit;
- }
- if($outlook['password'] <> $password) {
- echo "550. INVALID PASSWORD {$password}.";
- exit;
- }
-}
-
-/* handle AJAX operations */
-if($_GET['action'] or $_POST['action']) {
- if($_GET['action'])
- $action = escapeshellarg(trim($_GET['action']));
- if($_POST['action'])
- $action = escapeshellarg(trim($_POST['action']));
- if($_GET['srcip'])
- $srcip = escapeshellarg(trim($_GET['srcip']));
- if($_POST['srcip'])
- $srcip = escapeshellarg(trim($_POST['srcip']));
- if($_POST['email'])
- $email = escapeshellarg(trim($_POST['email']));
- if($_GET['email'])
- $email = escapeshellarg(trim($_GET['email']));
- /* execute spamdb command */
- if($action == "whitelist") {
- delete_from_spamd_db($srcip);
- usleep(100);
- exec("/usr/local/sbin/spamdb -a {$srcip}");
- mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
- delete_from_blacklist($srcip);
- log_error("spamd: {$srcip} has been whitelisted by {$_SERVER['REMOTE_ADDR']} {$loginname}");
- hup_spamd();
- exit;
- } else if($action == "delete") {
- delete_from_spamd_db($srcip);
- usleep(100);
- hup_spamd();
- mwexec("/sbin/pfctl -q -t spamd -T delete $srcip");
- mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
- delete_from_blacklist($srcip);
- delete_from_whitelist($srcip);
- log_error("spamd: {$srcip} has been deleted by {$_SERVER['REMOTE_ADDR']} {$loginname}");
- exit;
- } else if($action == "spamtrap") {
- delete_from_spamd_db($email);
- delete_from_whitelist($srcip);
- usleep(100);
- exec("/usr/local/sbin/spamdb -a \"{$email}\" -T");
- hup_spamd();
- mwexec("/sbin/pfctl -q -t blacklist -T add -f /var/db/blacklist.txt");
- log_error("spamd: {$srcip} has been blacklisted by {$_SERVER['REMOTE_ADDR']} {$loginname}");
- exit;
- } else if($action == "trapped") {
- delete_from_spamd_db($srcip);
- delete_from_whitelist($srcip);
- usleep(100);
- exec("/usr/local/sbin/spamdb -a {$srcip} -t");
- add_to_blacklist($srcip);
- log_error("spamd: {$srcip} has been trapped by {$_SERVER['REMOTE_ADDR']} {$loginname}");
- hup_spamd();
- exit;
- }
- /* signal a reload for real time effect. */
- hup_spamd();
- exit;
-}
-
-/* spam trap e-mail address */
-if($_POST['spamtrapemail'] <> "") {
- $spamtrapemail = escapeshellarg($_POST['spamtrapemail']);
- exec("/usr/local/sbin/spamdb -d {$spamtrapemail}");
- exec("/usr/local/sbin/spamdb -d -T \"{$spamtrapemail}\"");
- exec("/usr/local/sbin/spamdb -d -t \"{$spamtrapemail}\"");
- mwexec("/usr/local/sbin/spamdb -T -a \"{$spamtrapemail}\"");
- mwexec("killall -HUP spamlogd");
- $savemsg = htmlentities($_POST['spamtrapemail']) . " added to spam trap database.";
-}
-
-if($_GET['getstatus'] <> "") {
- $getstatus = escapeshellarg($_GET['getstatus']);
- $status = exec("/usr/local/sbin/spamdb | grep \"{$getstatus}\"");
- if(stristr($status, "WHITE") == true) {
- echo "WHITE";
- } else if(stristr($status, "TRAPPED") == true) {
- echo "TRAPPED";
- } else if(stristr($status, "GREY") == true) {
- echo "GREY";
- } else if(stristr($status, "SPAMTRAP") == true) {
- echo "SPAMTRAP";
- } else {
- echo "NOT FOUND";
- }
- exit;
-}
-
-/* spam trap e-mail address */
-if($_GET['spamtrapemail'] <> "") {
- $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
- $status = exec("spamdb -T -a \"{$spamtrapemail}\"");
- mwexec("killall -HUP spamlogd");
- if($status)
- echo $status;
- else
- echo htmlentities($_POST['spamtrapemail']) . " added to spam trap database.";
- exit;
-}
-
-/* spam trap e-mail address */
-if($_GET['whitelist'] <> "") {
- $spamtrapemail = escapeshellarg($_GET['spamtrapemail']);
- $status = exec("spamdb -a \"{$spamtrapemail}\"");
- mwexec("killall -HUP spamlogd");
- if($status)
- echo $status;
- else
- echo htmlentities($_POST['spamtrapemail']) . " added to whitelist database.";
- exit;
-}
-
-function delete_from_spamd_db($srcip) {
- $fd = fopen("/tmp/execcmds", "w");
- fwrite($fd, "#!/bin/sh\n");
- fwrite($fd, "/usr/local/sbin/spamdb -d {$srcip}\n");
- fwrite($fd, "/usr/local/sbin/spamdb -d {$srcip} -T\n");
- fwrite($fd, "/usr/local/sbin/spamdb -d {$srcip} -t\n");
- fwrite($fd, "/usr/local/sbin/spamdb -d \"{$srcip}\" -t\n");
- fwrite($fd, "/usr/local/sbin/spamdb -d \"{$srcip}\" -T\n");
- fclose($fd);
- exec("/bin/chmod a+rx /tmp/execcmds");
- system("/bin/sh /tmp/execcmds");
- mwexec("/usr/bin/killall -HUP spamlogd");
- mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
-}
-
-function basic_auth_prompt(){
- header("WWW-Authenticate: Basic realm=\".\"");
- header("HTTP/1.0 401 Unauthorized");
- echo "You must enter valid credentials to access this resource.";
- exit;
-}
-
-function add_to_blacklist($srcip) {
- $fd = fopen("/var/db/blacklist.txt", "a");
- fwrite($fd, "{$srcip}\n");
- fclose($fd);
- mwexec("/sbin/pfctl -q -t spamd -T add -f /var/db/blacklist.txt");
- mwexec("/sbin/pfctl -q -t blacklist -T add -f /var/db/blacklist.txt");
-}
-
-function delete_from_blacklist($srcip) {
- $blacklist = split("\n", file_get_contents("/var/db/blacklist.txt"));
- $fd = fopen("/var/db/blacklist.txt", "w");
- foreach($blacklist as $bl) {
- if($bl <> "")
- if(!stristr($bl, $srcip))
- fwrite($fd, "{$bl}\n");
- }
- fclose($fd);
- mwexec("/sbin/pfctl -q -t spamd -T delete $srcip");
- mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
-}
-
-function delete_from_whitelist($srcip) {
- $whitelist = split("\n", file_get_contents("/var/db/whitelist.txt"));
- $fd = fopen("/var/db/whitelist.txt", "w");
- foreach($whitelist as $wl) {
- if($wl <> "")
- if(!stristr($wl, $srcip))
- fwrite($fd, "{$wl}\n");
- }
- fclose($fd);
- mwexec("/sbin/pfctl -q -t spamd -T delete $srcip");
- mwexec("/sbin/pfctl -q -t whitelist -T replace -f /var/db/whitelist.txt");
-}
-
-function hup_spamd() {
- mwexec("killall -HUP spamlogd");
-}
-
-exit;
-
-?>
diff --git a/config/spamd/spamd_exchexp.asp b/config/spamd/spamd_exchexp.asp
deleted file mode 100644
index 56b0c629..00000000
--- a/config/spamd/spamd_exchexp.asp
+++ /dev/null
@@ -1,50 +0,0 @@
-<%
-
-dim server
-server = "SERVERNAME"
-
-Sub ExportUsers(oObject)
- Dim oUser
- For Each oUser in oObject
- Select Case oUser.Class
- Case "user"
- If oUser.mail <> "" then
-
- for each email in oUser.proxyAddresses
- If (lcase(left(email,4))="smtp") Then
- 'userFile.WriteLine Mid(email,6)
- document.write Mid(email,6) & vbCrLf
- End If
- next
- End if
- Case "organizationalUnit" , "container"
- If UsersinOU (oUser) then
- ExportUsers(oUser)
- End if
- End select
- Next
-End Sub
-
-Function UsersinOU (oObject)
- Dim oUser
- UsersinOU = False
- for Each oUser in oObject
- Select Case oUser.Class
- Case "organizationalUnit" , "container"
- UsersinOU = UsersinOU(oUser)
- Case "user"
- UsersinOU = True
-
- End select
- Next
-End Function
-
-Dim rootDSE, domainObject
-Set rootDSE=GetObject("LDAP://" & server & "/RootDSE")
-domainContainer = rootDSE.Get("defaultNamingContext")
-Set domainObject = GetObject("LDAP://" & domainContainer)
-
-ExportUsers(domainObject)
-Set oDomain = Nothing
-
-%> \ No newline at end of file
diff --git a/config/spamd/spamd_gather_stats.php b/config/spamd/spamd_gather_stats.php
deleted file mode 100644
index 2fee6904..00000000
--- a/config/spamd/spamd_gather_stats.php
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/local/bin/php -q
-
-<?php
-/* $Id$ */
-/*
- spamd_gather_stats.php
- Copyright (C) 2006 Scott Ullrich
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/* read in spamd log file */
-if(file_exists("/var/log/spamd.log"))
- $log_array = split("\n", file_get_contents("/var/log/spamd.log"));
-
-/* variable to keep track of connections */
-$connections = array();
-
-/* array to track average connection time */
-$connect_times = array();
-
-foreach($log_array as $la) {
- /* no watson, this is not the city of angels */
- if (preg_match("/.*spamd\[.*\]\:\s(.*)\: connected\s\((.*)\/(.*)\)/", $la, $matches)) {
- /* we matched a connect */
- $ip = $matches[1];
- $current_connections = $matches[2];
- $max_connections = $matches[2];
- $connections[$ip] = false;
- } else if (preg_match("/.*spamd\[.*\]\:\s(.*)\: disconnected\safter\s(.*)\sseconds\./", $la, $matches)) {
- /* we matched a disconnect */
- $ip = $matches[1];
- $connect_time = $matches[2];
- $connections[$ip] = true;
- $connect_times[$ip] = $connect_time;
- }
-}
-
-$open_connections = 0;
-$average_connect_time = 0;
-
-$total_connections = count($connect_times);
-
-/* loop through, how many connections are open */
-foreach($connections as $c) {
- if($c == true)
- $open_connections++;
-}
-
-/* loop through, how many connections are open */
-foreach($connect_times as $c) {
- $average_connect_time = $average_connect_time + $c;
-}
-
-echo "N:";
-echo $open_connections;
-echo ":";
-if($total_connections == 0)
- echo 0;
-else
- echo round(($average_connect_time / $total_connections));
-
-exit;
-
-?> \ No newline at end of file
diff --git a/config/spamd/spamd_outlook.xml b/config/spamd/spamd_outlook.xml
deleted file mode 100644
index 5e94701f..00000000
--- a/config/spamd/spamd_outlook.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
- <name>spamdoutlook</name>
- <version>0.1.0</version>
- <title>SpamD Outlook</title>
- <aftersaveredirect>pkg_edit.php?xml=spamd_outlook.xml&amp;id=0</aftersaveredirect>
- <tabs>
- <tab>
- <text>SpamD External Sources</text>
- <url>/pkg.php?xml=spamd.xml</url>
- </tab>
- <tab>
- <text>SpamD Whitelist</text>
- <url>/pkg.php?xml=spamd_whitelist.xml</url>
- </tab>
- <tab>
- <text>SpamD Settings</text>
- <url>/pkg_edit.php?xml=spamd_settings.xml&amp;id=0</url>
- </tab>
- <tab>
- <text>SpamD Database</text>
- <url>/spamd_db.php</url>
- </tab>
- </tabs>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
- <configpath>['installedpackages']['spamd']['config']</configpath>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
- <fields>
- <field>
- <fielddescr>Username</fielddescr>
- <fieldname>username</fieldname>
- <description>Enter the username the outlook clients will use to connect with.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Enter the password the outlook clients will use to connect with.</description>
- <type>password</type>
- </field>
-
- </fields>
-</packagegui> \ No newline at end of file
diff --git a/config/spamd/spamd_settings.xml b/config/spamd/spamd_settings.xml
index 225ef4a6..2793221b 100644
--- a/config/spamd/spamd_settings.xml
+++ b/config/spamd/spamd_settings.xml
@@ -1,62 +1,51 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- spamd_settings.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ spamd_settings.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>spamdsettings</name>
- <version>1.1.1</version>
+ <version>1.1.5</version>
<title>SpamD: Settings</title>
<aftersaveredirect>pkg_edit.php?xml=spamd_settings.xml&amp;id=0</aftersaveredirect>
<include_file>/usr/local/pkg/spamd.inc</include_file>
- <!-- Menu is where this packages menu will appear -->
- <menu>
- <name>SpamD</name>
- <section>Services</section>
- <configfile>spamd.xml</configfile>
- </menu>
- <service>
- <name>spamd</name>
- <rcfile>spamd.sh</rcfile>
- <executable>spamd</executable>
- </service>
<tabs>
<tab>
<text>SpamD External Sources</text>
@@ -76,18 +65,12 @@
<url>/spamd_db.php</url>
</tab>
</tabs>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
<configpath>['installedpackages']['spamd']['config']</configpath>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
- <fielddescr>Intercept on interfaces</fielddescr>
+ <fielddescr>Intercept on Interfaces</fielddescr>
<fieldname>spamdbinds_array</fieldname>
- <description>
- <![CDATA[These are the interfaces spamd will intercept smtp connections on.]]>
- </description>
+ <description>These are the interfaces SpamD will intercept SMTP connections on.</description>
<type>interfaces_selection</type>
<multiple>true</multiple>
<hideinterfaceregex>loopback</hideinterfaceregex>
@@ -97,71 +80,119 @@
<fieldname>identifier</fieldname>
<description>The SMTP version banner that is reported upon initial connection.</description>
<type>input</type>
- </field>
+ </field>
<field>
- <fielddescr>Maximum blacklisted connections</fielddescr>
+ <fielddescr>Maximum Blacklisted Connections</fielddescr>
<fieldname>maxblack</fieldname>
- <description>The maximum number of concurrent blacklisted connections to allow in greylisting mode. This value may not be greater than maxcon (see below). The default is maxcon - 100.</description>
+ <description>
+ <![CDATA[
+ The maximum number of concurrent blacklisted connections to allow in greylisting mode.
+ This value must not be greater than 'Max Concurrent Connections' (see below).<br />
+ (Default: 'Max Concurrent Connections' - 100)
+ ]]>
+ </description>
<type>input</type>
+ <size>10</size>
</field>
<field>
- <fielddescr>Max concurrent connections</fielddescr>
+ <fielddescr>Max Concurrent Connections</fielddescr>
<fieldname>maxcon</fieldname>
- <description>The maximum number of concurrent connections to allow. The default is 800.</description>
+ <description>
+ <![CDATA[
+ The maximum number of concurrent connections to allow.<br />
+ (Default: 800)
+ ]]>
+ </description>
<type>input</type>
- <value>800</value>
+ <size>10</size>
+ <default_value>800</default_value>
</field>
<field>
- <fielddescr>Grey listing</fielddescr>
+ <fielddescr>Greylisting</fielddescr>
<fieldname>greylisting</fieldname>
- <description>Connections from addresses not blacklisted on the black lists tab will be considered for greylisting. Such connections will not be stuttered at (though see the stutter secs option) or delayed, and will receive the pleasantly innocuous temporary failure. After passtime if the host returns it will be added to the white list.</description>
+ <description>
+ <![CDATA[
+ Connections from addresses not blacklisted on the black lists tab will be considered for greylisting.
+ Such connections will not be stuttered at (see the 'Stutter Secs' option) or delayed, and will receive the pleasantly innocuous temporary failure.
+ After passtime elapsed, the host will be added to the white list upon reconnection.
+ ]]>
+ </description>
<type>checkbox</type>
- <value>yes</value>
+ <enablefields>passtime,greyexp,whiteexp</enablefields>
+ <default_value>on</default_value>
</field>
<field>
<fielddescr>Passtime</fielddescr>
<fieldname>passtime</fieldname>
- <description>Adjust the three time parameters for greylisting. Passtime defaults to 25 (minutes). After passtime minutes if spamd sees a retried attempt to deliver mail for the same tuple, spamd will whitelist the connecting address by adding it as a whitelist entry.</description>
+ <description>
+ <![CDATA[
+ After specified number of minutes, if SpamD sees a retried attempt to deliver mail for the same tuple, it will whitelist
+ the connecting address by adding it as a whitelist entry.<br />
+ (Default: 25 minutes)
+ ]]>
+ </description>
<type>input</type>
- <size>30</size>
- <value>25:4:864</value>
+ <size>5</size>
+ <default_value>25</default_value>
</field>
<field>
<fielddescr>Grey Expiration</fielddescr>
<fieldname>greyexp</fieldname>
- <description>Adjust the three time parameters for greylisting. Grey expiration defaults to 4. SpamD removes connection entries from the database if delivery has not been retried within greyexp hours from the initial time a connection is seen.</description>
+ <description>
+ <![CDATA[
+ SpamD removes connection entries from the database if delivery has not been retried within specified numbers of hours from the initial time a connection is seen.<br />
+ (Default: 4 hours)
+ ]]>
+ </description>
<type>input</type>
- <size>30</size>
- <value>25:4:864</value>
+ <size>5</size>
+ <default_value>4</default_value>
</field>
<field>
<fielddescr>White Exp</fielddescr>
<fieldname>whiteexp</fieldname>
- <description>Adjust the three time parameters for greylisting. White expiration defaults to 864 (hours, approximately 36 days). SpamD removes whitelist entries from the database if no mail delivery activity has been seen from the whitelisted address within whiteexp hours from the initial time an address is whitelisted.</description>
+ <description>
+ <![CDATA[
+ SpamD removes whitelist entries from the database if no mail delivery activity has been seen from the whitelisted address within specified number of hours
+ from the initial time an address is whitelisted.<br />
+ (Default: 864 hours - approximately 36 days)
+ ]]>
+ </description>
<type>input</type>
- <size>30</size>
- <value>25:4:864</value>
+ <size>5</size>
+ <default_value>864</default_value>
</field>
<field>
<fielddescr>Stutter Secs</fielddescr>
<fieldname>stuttersecs</fieldname>
- <description>Stutter at greylisted connections for the specified amount of seconds, after which the connection is not stuttered at. Defaults to 10.</description>
+ <description>
+ <![CDATA[
+ Stutter at greylisted connections for the specified amount of seconds, after which the connection is not stuttered at.<br />
+ (Defaults: 10 seconds)
+ ]]>
+ </description>
<type>input</type>
- <value>10</value>
+ <size>5</size>
+ <default_value>10</default_value>
</field>
<field>
<fielddescr>Delay Secs</fielddescr>
<fieldname>delaysecs</fieldname>
- <description>Delay each character sent to the client by the specified amount of seconds. Defaults to 1.</description>
+ <description>
+ <![CDATA[
+ Delay each character sent to the client by the specified amount of seconds.<br />
+ (Default: 1 second)
+ ]]>
+ </description>
<type>input</type>
- <value>1</value>
+ <size>5</size>
+ <default_value>1</default_value>
</field>
<field>
<fielddescr>Window Size</fielddescr>
<fieldname>window</fieldname>
<description>Set the socket receive buffer to this many bytes, adjusting the window size.</description>
<type>input</type>
- <value></value>
</field>
<!--
<field>
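Review bot: The Stutter Secs description reads `(Defaults: 10 seconds)` while every other field added in this hunk uses `(Default: …)`; it should be `(Default: 10 seconds)` to match. The rewritten texts also state constraints, such as Maximum Blacklisted Connections not exceeding Max Concurrent Connections, on fields that are plain `input` boxes. The only enforcement would be in `spamd_validate_input`, which is not part of this hunk, so it is worth confirming that it rejects non-numeric and out-of-range values for these fields.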
@@ -170,34 +201,32 @@
<description>The SMTP error to return to the spammer, i.e. 450, 451, 550. This defaults to 450.</description>
<type>select</type>
<size>1</size>
- <value>450</value>
+ <default_value>450</default_value>
<options>
- <option><name></name><value></value></option>
- <option><name>450</name><value>450</value></option>
- <option><name>451</name><value>451</value></option>
- <option><name>550</name><value>550</value></option>
+ <option><name></name><value></value></option>
+ <option><name>450</name><value>450</value></option>
+ <option><name>451</name><value>451</value></option>
+ <option><name>550</name><value>550</value></option>
</options>
</field>
-->
<field>
<fielddescr>NextMTA</fielddescr>
- <fieldname>nextmta</fieldname>
- <description>Automatically sends messages after being processed by SpamD to IP Address. You may enter an alias if you like, simply prepend $ to the alias name. example: $mailservers. Note, if you have postfix package installed enter 127.0.0.1 here.</description>
+ <fieldname>next_mta</fieldname>
+ <description>
+ <![CDATA[
+ After processing, automatically send messages to specified IP address.<br />
+ Note: If you have postfix package installed, enter 127.0.0.1 here.
+ ]]>
+ </description>
<type>input</type>
- <value>1</value>
+ <default_value>on</default_value>
</field>
- <field>
- <fielddescr>Enable RRD graphing</fielddescr>
- <fieldname>enablerrd</fieldname>
- <description>Enables the graphing of SpamD connection and disconnection statistics.</description>
- <type>checkbox</type>
- <value></value>
- </field>
</fields>
<custom_php_validation_command>
spamd_validate_input($_POST, $input_errors);
- </custom_php_validation_command>
+ </custom_php_validation_command>
<custom_php_resync_config_command>
sync_package_spamd();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
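Review bot: NextMTA is a free-text `input` whose description asks for an IP address, yet the new line sets `<default_value>on</default_value>`, so the form is pre-filled with a value that is not an address. The default should be dropped, or set to an actual address such as the `127.0.0.1` the description mentions. The rename from `nextmta` to `next_mta` also means a value saved under the old key is no longer picked up by this form unless spamd.inc migrates it, which is not visible here. The old description documented `$alias` input; if the backend still accepts it, `spamd_validate_input` should validate that form explicitly rather than pass it through.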
diff --git a/config/spamd/spamd_verify_to_address.php b/config/spamd/spamd_verify_to_address.php
deleted file mode 100644
index 504107d3..00000000
--- a/config/spamd/spamd_verify_to_address.php
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/usr/local/bin/php -q
-<?php
-/*
- * pfSense spamd mousetrap
- * (C)2006 Scott Ullrich
- *
- * Reads in an external list of c/r
- * seperated valid e-mail addresses
- * and then looks to see waiting grey-
- * listed servers. if the server is
- * sending to an invalid e-mail address
- * then add them to spamtrap.
- *
- * Directions for usage:
- * 1. Download this script to the /root/ directory on your pfSense installation.
- * 2. chmod a+rx spamd_verify_to_address.php
- * 3. Edit $server_to_pull_data_from to point to a location containing a list of
- * all valid email addresses c/r seperated.
- * 4. Add spamd_verify_to_address.php to cron or run it by invoking
- * ./spamd_verify_to_address.php manually.
- *
- * XXX/TODO:
- * * Add flag to blacklist a server after receiving X
- * attempts at a delivery with invalid to: addresses.
- *
- */
-
-require("config.inc");
-require("functions.inc");
-
-/* path to script that outputs c/r seperated e-mail addresses */
-$server_to_pull_data_from = "http://10.0.0.11/spamd_exchexp.asp";
-
-/* to enable debugging, change false to true */
-$debug = true;
-
-if($debug)
- echo "Downloading current valid email list...\n";
-/* fetch down the latest list from server */
-if($debug) {
- /* fetch without quiet mode */
- system("fetch -o /tmp/emaillist.txt {$server_to_pull_data_from}");
-} else {
- /* fetch with quiet mode */
- system("fetch -q -o /tmp/emaillist.txt {$server_to_pull_data_from}");
-}
-
-/* test if file exists, if not, bail. */
-if(!file_exists("/tmp/emaillist.txt")) {
- if($debug)
- echo "Could not fetch $server_to_pull_data_from\n";
- exit;
-}
-
-/* clean up and split up results */
-$fetched_file = strtolower(file_get_contents("/tmp/emaillist.txt"));
-$valid_list = split("\n", $fetched_file);
-$grey_hosts = split("\n", `spamdb | grep GREY`);
-
-if($fetched_file == "")
- exit(-1);
-
-if($debug) {
- /* echo out all our valid hosts */
- foreach($valid_list as $valid)
- echo "VALID: ||$valid||\n";
-}
-
-/* suck custom blacklist into array */
-$current_blacklist = split("\n", `cat /var/db/blacklist.txt`);
-/* suck current spamtrap emails into array */
-$current_spamtrap = split("\n", `/usr/local/sbin/spamdb | grep SPAMTRAP | cut -d"|" -f2`);
-/* eliminate <> from email addresses */
-for($x=0; isset($current_spamtrap[$x]); $x++) {
- $current_spamtrap[$x] = str_replace("<", "", $current_spamtrap[$x]);
- $current_spamtrap[$x] = str_replace(">", "", $current_spamtrap[$x]);
-}
-
-/* traverse list and find the dictionary attackers, etc */
-foreach($grey_hosts as $grey) {
- if(trim($grey) == "")
- continue;
- /* clean up and further break down values */
- $grey_lower = strtolower($grey);
- $grey_lower = str_replace("<","",$grey_lower);
- $grey_lower = str_replace(">","",$grey_lower);
- $grey_split = split("\|", $grey_lower);
- $email_from = strtolower($grey_split[2]);
- $email_to = strtolower($grey_split[3]);
- $server_ip = strtolower($grey_split[1]);
- if(in_array($server_ip, $current_blacklist)) {
- if($debug)
- echo "$server_ip already in blacklist.\n";
- continue;
- }
- if(in_array($email_to, $current_spamtrap)) {
- if($email_to)
- echo "$email_to already in blacklist.\n";
- continue;
- }
- if($debug)
- echo "Testing $email_from | $email_to \n";
- if (in_array($email_to, $valid_list)) {
- if($debug)
- echo "$email_to is in the valid list\n";
- } else {
- /* spammer picked the wrong person to mess with */
- if($server_ip) {
- if($debug)
- echo "/usr/local/sbin/spamdb -a $server_ip -t\n";
- exec("/usr/local/sbin/spamdb -d {$server_ip} 2>/dev/null");
- exec("/usr/local/sbin/spamdb -d {$server_ip} -T 2>/dev/null");
- exec("/usr/local/sbin/spamdb -d {$server_ip} -t 2>/dev/null");
- if($debug)
- echo "/usr/local/sbin/spamdb -a \"<$email_to>\" -T\n";
- exec("/usr/local/sbin/spamdb -a \"<$email_to>\" -T");
- system("echo $server_ip >> /var/db/blacklist.txt");
- $result = mwexec("/usr/local/sbin/spamdb -a $server_ip -t");
- } else {
- if($debug)
- echo "Could not locate server ip address.";
- }
- if($debug)
- echo "Script result code: {$result}\n";
- }
-}
-
-mwexec("killall -HUP spamlogd");
-
-if($debug) {
- echo "\nSearch completed.\n\n";
- echo "Items trapped: ";
- system("/usr/local/sbin/spamdb | grep TRAPPED | wc -l");
- echo "Items spamtrapped: ";
- system("/usr/local/sbin/spamdb | grep SPAMTRAP | wc -l");
- echo "Items in blacklist.txt: ";
- system("/sbin/pfctl -t blacklist -T show | wc -l");
-}
-
-mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
-
-?>
diff --git a/config/spamd/spamd_whitelist.xml b/config/spamd/spamd_whitelist.xml
index 8a916fb7..7b80d268 100644
--- a/config/spamd/spamd_whitelist.xml
+++ b/config/spamd/spamd_whitelist.xml
@@ -1,55 +1,50 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ spamd_settings.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2008 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>spamd-whitelist</name>
- <version>0.1.0</version>
+ <version>1.1.5</version>
<title>SpamD: Whitelist</title>
<include_file>/usr/local/pkg/spamd.inc</include_file>
- <!-- Menu is where this packages menu will appear -->
<menu>
<name>SpamD Whitelist</name>
<tooltiptext></tooltiptext>
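Review bot: The new licence header names the file as `spamd_settings.xml`, but this is config/spamd/spamd_whitelist.xml; the line should read `spamd_whitelist.xml`. The old header had the same kind of copy-paste slip (`authng.xml`), so this is the moment to get it right.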
@@ -69,14 +64,12 @@
<tab>
<text>SpamD Settings</text>
<url>/pkg_edit.php?xml=spamd_settings.xml&amp;id=0</url>
- </tab>
+ </tab>
<tab>
<text>SpamD Database</text>
<url>/spamd_db.php</url>
</tab>
</tabs>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
<configpath>['installedpackages']['spamdwhitelist']['config']</configpath>
<adddeleteeditpagefields>
<columnitem>
@@ -88,26 +81,24 @@
<fieldname>description</fieldname>
</columnitem>
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>Exempted IP</fielddescr>
<fieldname>ip</fieldname>
- <description>Enter the IP to exempt from blacklisting</description>
+ <description>Enter the IP to exempt from blacklisting.</description>
<type>input</type>
</field>
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description>Enter the description for this item</description>
+ <description>Enter the description for this item.</description>
<type>input</type>
</field>
</fields>
<custom_delete_php_command>
sync_package_spamd_whitelist();
- </custom_delete_php_command>
+ </custom_delete_php_command>
<custom_php_resync_config_command>
sync_package_spamd_whitelist();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
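Review bot: No `<custom_php_validation_command>` appears in the part of spamd_whitelist.xml shown here, so the `ip` field seems to reach `sync_package_spamd_whitelist()` exactly as typed. That function is outside this diff, so it may validate on its own. If it does not, an exempted-IP entry that is not an address or network could end up in the generated whitelist. Adding a validation hook here, as spamd_settings.xml does with `spamd_validate_input($_POST, $input_errors);`, would reject bad entries before they are saved.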
diff --git a/config/squid/squid.inc b/config/squid/squid.inc
index 8e87c7a1..4cfb9af8 100644
--- a/config/squid/squid.inc
+++ b/config/squid/squid.inc
@@ -210,9 +210,11 @@ function squid_install_command() {
/* create cache */
update_status("Creating squid cache pools... One moment please...");
squid_dash_z();
- /* make sure pinger is executable */
+ /* make sure pinger is executable and suid root */
+ // XXX: Bug #5114
if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger"))
exec("/bin/chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger");
+ exec("/bin/chmod u+s " . SQUID_LOCALBASE . "/libexec/squid/pinger");
if(file_exists(SQUID_LOCALBASE . "/etc/rc.d/squid"))
exec("/bin/rm " . SQUID_LOCALBASE . "/etc/rc.d/squid");
squid_write_rcfile();
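Review bot: The added `exec("/bin/chmod u+s " . …)` follows a brace-less `if`, so only the `a+x` call is guarded by `file_exists()` and the setuid call runs unconditionally. The same pattern is repeated in the squid_resync() hunk (@@ -1146,9 +1113,11 @@). Both `exec()` calls should sit inside one `if (file_exists(…)) { … }` block. Because this makes pinger setuid, it is also worth checking that the binary is owned by root and not group- or world-writable before setting the bit, and PHP's `chmod()` would do the job without spawning a shell. squid_install_command() continues outside this hunk.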
@@ -541,78 +543,33 @@ function squid_validate_auth($post, &$input_errors) {
}
function squid_install_cron($should_install) {
- global $config, $g;
- if($g['booting']==true)
- return;
- $rotate_is_installed = false;
- $swapstate_is_installed = false;
- if(!$config['cron']['item'])
+ global $g, $config;
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
+ }
+ } elseif ($g['booting']) {
return;
- $settings = $config['installedpackages']['squidcache']['config'][0];
+ }
- $x=0;
- $rotate_job_id=-1;
- $swapstate_job_id=-1;
+ parse_config(true);
- foreach($config['cron']['item'] as $item) {
- if(strstr($item['task_name'], "squid_rotate_logs")) {
- $rotate_job_id = $x;
- } elseif(strstr($item['task_name'], "squid_check_swapstate")) {
- $swapstate_job_id = $x;
- }
- $x++;
- }
- $need_write = false;
- switch($should_install) {
- case true:
- $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
- if($rotate_job_id < 0) {
- $cron_item = array();
- $cron_item['task_name'] = "squid_rotate_logs";
- $cron_item['minute'] = "0";
- $cron_item['hour'] = "0";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate";
- $config['cron']['item'][] = $cron_item;
- $need_write = true;
- }
- if($swapstate_job_id < 0) {
- $cron_item = array();
- $cron_item['task_name'] = "squid_check_swapstate";
- $cron_item['minute'] = "*/15";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/local/pkg/swapstate_check.php";
- $config['cron']['item'][] = $cron_item;
- $need_write = true;
- }
- if ($need_write) {
- parse_config(true);
- write_config("Adding Squid Cron Jobs");
- }
- break;
- case false:
- if($rotate_job_id >= 0) {
- unset($config['cron']['item'][$rotate_job_id]);
- $need_write = true;
- }
- if($swapstate_job_id >= 0) {
- unset($config['cron']['item'][$swapstate_job_id]);
- $need_write = true;
- }
- if ($need_write) {
- parse_config(true);
- write_config("Removing Squid Cron Jobs");
- }
- break;
+ if (is_array($config['installedpackages']['squidcache'])) {
+ $settings = $config['installedpackages']['squidcache']['config'][0];
+ } else {
+ $settings = array();
+ }
+ $cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
+ $cron_cmd = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate";
+ $swapstate_cmd = "/usr/local/pkg/swapstate_check.php";
+
+ if ($should_install) {
+ install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root");
+ install_cron_job("{$swapstate_cmd}", true, "*/15");
+ } else {
+ install_cron_job("{$cron_cmd}", false);
+ install_cron_job("{$swapstate_cmd}", false);
}
- configure_cron();
}
function squid_resync_general() {
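Review bot: `$cachedir` is taken from `harddisk_cache_location` in the package config and interpolated unquoted into `$cron_cmd`, which is installed as a root cron job. A path containing whitespace or shell metacharacters therefore changes what root runs, and no validation of that setting is visible in this hunk. Quoting the argument closes that gap: `$cron_cmd = "/bin/rm " . escapeshellarg("{$cachedir}/swap.state") . "; " . SQUID_LOCALBASE . "/sbin/squid -k rotate";`. If `install_cron_job()` locates an existing job by its command string, changing the cache location between install and removal would also leave the old `/bin/rm` job behind, so that should be checked. The second call, `install_cron_job("{$swapstate_cmd}", true, "*/15")`, relies on the helper's defaults for the remaining schedule fields and the user; spelling them out as the first call does would make the intent clear.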
@@ -969,6 +926,16 @@ EOD;
function squid_resync_auth() {
global $config, $valid_acls;
+ if (!is_array($config['installedpackages']['squidauth'])) {
+ $config['installedpackages']['squidauth']['config'][0] = array();
+ }
+ if (!is_array($config['installedpackages']['squidnac'])) {
+ $config['installedpackages']['squidnac']['config'][0] = array();
+ }
+ if (!is_array($config['installedpackages']['squid'])) {
+ $config['installedpackages']['squid']['config'][0] = array();
+ }
+
$settings = $config['installedpackages']['squidauth']['config'][0];
$settingsnac = $config['installedpackages']['squidnac']['config'][0];
$settingsconfig = $config['installedpackages']['squid']['config'][0];
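Review bot: The three added guards test `is_array($config['installedpackages']['squidauth'])` and its siblings, which only shows that the package node exists. When the node is an array without a `config` entry, the assignments below still read `['config'][0]` from a missing key. Testing the element that is actually used covers both cases, e.g. `if (!is_array($config['installedpackages']['squidauth']['config'][0])) {`. squid_resync_auth() continues outside this hunk.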
@@ -1146,9 +1113,11 @@ function squid_resync() {
squid_resync_users();
squid_write_rcfile();
- /* make sure pinger is executable */
+ /* make sure pinger is executable and suid root */
+ // XXX: Bug #5114
if(file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger"))
- exec("chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger");
+ exec("/bin/chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger");
+ exec("/bin/chmod u+s " . SQUID_LOCALBASE . "/libexec/squid/pinger");
foreach (array( SQUID_CONFBASE,
SQUID_ACLDIR,
diff --git a/config/squid3/31/squid.inc b/config/squid3/31/squid.inc
index e6de88c4..d565810c 100644
--- a/config/squid3/31/squid.inc
+++ b/config/squid3/31/squid.inc
@@ -976,9 +976,9 @@ cache_mem $memory_cache_size MB
maximum_object_size_in_memory {$max_objsize_in_mem} KB
memory_replacement_policy {$memory_policy}
cache_replacement_policy {$cache_policy}
-$disk_cache_opts
minimum_object_size {$min_objsize} KB
maximum_object_size {$max_objsize}
+$disk_cache_opts
offline_mode {$offline_mode}
EOD;
diff --git a/config/squid3/33/squid.inc b/config/squid3/33/squid.inc
index 669ae2f3..0f71def8 100755
--- a/config/squid3/33/squid.inc
+++ b/config/squid3/33/squid.inc
@@ -1055,6 +1055,8 @@ if(empty($settings['cache_dynamic_content'])){
}
else{
if(preg_match('/youtube/',$settings['refresh_patterns'])){
+ // Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion)
+ /*
$conf.=<<< EOC
# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
@@ -1064,6 +1066,7 @@ acl youtube dstdomain .youtube.com
cache allow youtube
EOC;
+*/
}
if(preg_match('/windows/',$settings['refresh_patterns'])){
$conf.=<<< EOC
@@ -1125,9 +1128,9 @@ cache_mem $memory_cache_size MB
maximum_object_size_in_memory {$max_objsize_in_mem} KB
memory_replacement_policy {$memory_policy}
cache_replacement_policy {$cache_policy}
-$disk_cache_opts
minimum_object_size {$min_objsize} KB
maximum_object_size {$max_objsize}
+$disk_cache_opts
offline_mode {$offline_mode}
EOD;
@@ -1305,6 +1308,7 @@ function squid_resync_antivirus(){
if ($antivirus_config['enable']=="on"){
switch ($antivirus_config['client_info']){
case "both":
+ default:
$icap_send_client_ip="on";
$icap_send_client_username="on";
break;
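Review bot: Placing `default:` beside `case "both":` makes every missing or unrecognised `client_info` value forward both the client IP and the username to the ICAP service, which is the most revealing of the available choices. If that is the intended fallback, a short comment such as `// unset or unknown value: same as "both"` would make it explicit, and moving `default:` to the end of the switch is the conventional place for it. If it is not intended, falling back to sending neither value is the safer behaviour for a setting that controls what user-identifying data leaves the proxy. The rest of the switch is outside this hunk.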
@@ -2387,7 +2391,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$xml['squid'] = $config['installedpackages']['squid'];
$xml['squidupstream'] = $config['installedpackages']['squidupstream'];
$xml['squidcache'] = $config['installedpackages']['squidcache'];
- $xml['squidantivirus'] = $config['installedpackages']['squidanitivirus'];
+ $xml['squidantivirus'] = $config['installedpackages']['squidantivirus'];
$xml['squidnac'] = $config['installedpackages']['squidnac'];
$xml['squidtraffic'] = $config['installedpackages']['squidtraffic'];
$xml['squidreversegeneral'] = $config['installedpackages']['squidreversegeneral'];
diff --git a/config/squid3/33/squid_antivirus.xml b/config/squid3/33/squid_antivirus.xml
index 67319297..59f33fe2 100755
--- a/config/squid3/33/squid_antivirus.xml
+++ b/config/squid3/33/squid_antivirus.xml
@@ -110,7 +110,7 @@
<fieldname>client_info</fieldname>
<description><![CDATA[Select what client info to forward to clamav.]]></description>
<type>select</type>
- <default_value>strip</default_value>
+ <default_value>both</default_value>
<options>
<option><name>Send Both client username and ip info(Default)</name><value>both</value></option>
<option><name>Send only client username</name><value>username</value></option>
diff --git a/config/squid3/33/squid_cache.xml b/config/squid3/33/squid_cache.xml
index 612e9b73..34115f5e 100755
--- a/config/squid3/33/squid_cache.xml
+++ b/config/squid3/33/squid_cache.xml
@@ -280,14 +280,14 @@
<field>
<fielddescr>Refresh Patterns</fielddescr>
<fieldname>refresh_patterns</fieldname>
- <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube'>Youtube</a> and <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
+ <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
<br><strong>Notes:</strong><br>
Squid wiki suggests 'Finish transfer if less than x KB remaining' on 'traffic mgmt' squid tab to -1 but you can apply your own values to control cache.<br><br>
set Maximum download size on 'traffic mgmt' squid tab to a value that fits patterns your are applying.<br>Microsoft may need 200Mb and youtube 4GB.]]></description>
<type>select</type>
<default_value>none</default_value>
<options>
- <option><name>Youtube</name><value>youtube</value></option>
+ <!--<option><name>Youtube</name><value>youtube</value></option>-->
<option><name>Windows Update</name><value>windows</value></option>
<option><name>Symantec Antivirus</name><value>symantec</value></option>
<option><name>Avira</name><value>avira</value></option>
diff --git a/config/squid3/34/check_ip.php b/config/squid3/34/check_ip.php
index 5865037b..2fb43339 100644
--- a/config/squid3/34/check_ip.php
+++ b/config/squid3/34/check_ip.php
@@ -1,9 +1,10 @@
#!/usr/local/bin/php -q
<?php
-/* $Id$ */
/*
check_ip.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013-2015 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -29,43 +30,45 @@
*/
require_once("config.inc");
error_reporting(0);
+global $g;
// stdin loop
-if (! defined(STDIN)) {
- define("STDIN", fopen("php://stdin", "r"));
+if (!defined(STDIN)) {
+ define("STDIN", fopen("php://stdin", "r"));
+}
+if (!defined(STDOUT)) {
+ define("STDOUT", fopen('php://stdout', 'w'));
+}
+while (!feof(STDIN)) {
+ $line = trim(fgets(STDIN));
}
-if (! defined(STDOUT)){
- define("STDOUT", fopen('php://stdout', 'w'));
- }
-while( !feof(STDIN)){
- $line = trim(fgets(STDIN));
- // %SRC
unset($cp_db);
-$files=scandir($g['vardb_path']);
-foreach ($files as $file){
- if (preg_match("/captive.*db/",$file)){
- $result=squid_cp_read_db("{$g['vardb_path']}/{$file}");
- foreach ($result as $rownum => $row){
- $cp_db[$rownum]=implode(",",$row);
- }
+$files = scandir($g['vardb_path']);
+foreach ($files as $file) {
+ if (preg_match("/captive.*db/", $file)) {
+ $result = squid_cp_read_db("{$g['vardb_path']}/{$file}");
+ foreach ($result as $rownum => $row) {
+ $cp_db[$rownum] = implode(",", $row);
}
}
- $usuario="";
- //1419045939,1419045939,2000,2000,192.168.10.11,192.168.10.11,08:00:27:5c:e1:ee,08:00:27:5c:e1:ee,marcello,marcello,605a1f46e2d64556,605a1f46e2d64556,,,,,,,,,,,first,first
- if (is_array($cp_db)){
- foreach ($cp_db as $cpl){
- $fields=explode(",",$cpl);
- if ($fields[4] != "" && $fields[4]==$line)
- $usuario=$fields[8];
- }
- }
- if ($usuario !="")
- $resposta="OK user={$usuario}";
- else
- $resposta="ERR";
- fwrite (STDOUT, "{$resposta}\n");
- unset($cp_db);
+ $usuario = "";
+ //1419045939,1419045939,2000,2000,192.168.10.11,192.168.10.11,08:00:27:5c:e1:ee,08:00:27:5c:e1:ee,marcello,marcello,605a1f46e2d64556,605a1f46e2d64556,,,,,,,,,,,first,first
+ if (is_array($cp_db)) {
+ foreach ($cp_db as $cpl) {
+ $fields = explode(",", $cpl);
+ if ($fields[4] != "" && $fields[4] == $line) {
+ $usuario = $fields[8];
+ }
+ }
+ }
+ if ($usuario != "") {
+ $resposta = "OK user={$usuario}";
+ } else {
+ $resposta = "ERR";
+ }
+ fwrite(STDOUT, "{$resposta}\n");
+ unset($cp_db);
}
/* read captive portal DB into array */
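Review bot: On the new side, the `while (!feof(STDIN))` loop is closed by the unchanged `}` directly after `$line = trim(fgets(STDIN));`. As shown here, the captive-portal lookup and the `fwrite(STDOUT, …)` reply therefore run once after stdin is exhausted instead of once per request line, and the unchanged `}` after the final `unset($cp_db);` has no opening brace left to match. This page has lost its indentation, so confirm against the file; if it holds, the helper no longer answers each lookup and the script may not parse. The loop body should extend to that final `}`, meaning the `}` after the `fgets()` line must go. Separately, `defined(STDIN)` and `defined(STDOUT)` pass the constant's value rather than its name; `defined('STDIN')` and `defined('STDOUT')` are what the checks mean.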
@@ -75,14 +78,13 @@ function squid_cp_read_db($file) {
if ($DB) {
$response = $DB->query("SELECT * FROM captiveportal");
if ($response != FALSE) {
- while ($row = $response->fetchArray())
+ while ($row = $response->fetchArray()) {
$cpdb[] = $row;
+ }
}
$DB->close();
}
-
return $cpdb;
}
?>
-
diff --git a/config/squid3/34/pkg_squid.inc b/config/squid3/34/pkg_squid.inc
index 47b64e2d..8439fa5f 100644
--- a/config/squid3/34/pkg_squid.inc
+++ b/config/squid3/34/pkg_squid.inc
@@ -8,4 +8,4 @@ $shortcuts['squid']['log'] = "squid_monitor.php";
$shortcuts['squid']['status'] = "status_services.php";
$shortcuts['squid']['service'] = "squid";
-?> \ No newline at end of file
+?>
diff --git a/config/squid3/34/sqpmon.sh b/config/squid3/34/sqpmon.sh
index 244b3b61..48854565 100644
--- a/config/squid3/34/sqpmon.sh
+++ b/config/squid3/34/sqpmon.sh
@@ -1,8 +1,10 @@
#!/bin/sh
# $Id$ */
#
-# sqpmon.sh
-# Copyright (C) 2006 Scott Ullrich
+# sqpmon.sh
+# part of pfSense (https://www.pfSense.org/)
+# Copyright (C) 2006 Scott Ullrich
+# Copyright (C) 2015 ESF, LLC
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -27,8 +29,8 @@
# POSSIBILITY OF SUCH DAMAGE.
#
-if [ `pgrep -f "sqpmon.sh"|wc -l` -ge 1 ]; then
- exit 0
+if [ `/bin/pgrep -f "sqpmon.sh" | /usr/bin/wc -l` -ge 1 ]; then
+ exit 0
fi
set -e
@@ -36,7 +38,7 @@ set -e
LOOP_SLEEP=55
if [ -f /var/run/squid_alarm ]; then
- rm /var/run/squid_alarm
+ /bin/rm -f /var/run/squid_alarm
fi
# Sleep 5 seconds on startup not to mangle with existing boot scripts.
@@ -44,32 +46,32 @@ sleep 5
# Squid monitor 1.2
while [ /bin/true ]; do
- if [ ! -f /var/run/squid_alarm ]; then
- NUM_PROCS=`ps auxw | grep "[s]quid -f"|awk '{print $2}'| wc -l | awk '{ print $1 }'`
- if [ $NUM_PROCS -lt 1 ]; then
- # squid is down
- echo "Squid has exited. Reconfiguring filter." | \
- logger -p daemon.info -i -t Squid_Alarm
- echo "Attempting restart..." | logger -p daemon.info -i -t Squid_Alarm
- /usr/local/etc/rc.d/squid.sh start
- sleep 3
- echo "Reconfiguring filter..." | logger -p daemon.info -i -t Squid_Alarm
- /etc/rc.filter_configure
- touch /var/run/squid_alarm
- fi
- fi
- NUM_PROCS=`ps auxw | grep "[s]quid -f"|awk '{print $2}'| wc -l | awk '{ print $1 }'`
- if [ $NUM_PROCS -gt 0 ]; then
- if [ -f /var/run/squid_alarm ]; then
- echo "Squid has resumed. Reconfiguring filter." | \
- logger -p daemon.info -i -t Squid_Alarm
- /etc/rc.filter_configure
- rm /var/run/squid_alarm
- fi
- fi
- sleep $LOOP_SLEEP
+ if [ ! -f /var/run/squid_alarm ]; then
+ NUM_PROCS=`/bin/ps auxw | /usr/bin/grep "[s]quid -f" | /usr/bin/awk '{print $2}' | /usr/bin/wc -l | /usr/bin/awk '{ print $1 }'`
+ if [ $NUM_PROCS -lt 1 ]; then
+ # squid is down
+ echo "Squid has exited. Reconfiguring filter." | \
+ /usr/bin/logger -p daemon.info -i -t Squid_Alarm
+ echo "Attempting restart..." | /usr/bin/logger -p daemon.info -i -t Squid_Alarm
+ /usr/local/etc/rc.d/squid.sh start
+ sleep 3
+ echo "Reconfiguring filter..." | /usr/bin/logger -p daemon.info -i -t Squid_Alarm
+ /etc/rc.filter_configure
+ touch /var/run/squid_alarm
+ fi
+ fi
+ NUM_PROCS=`/bin/ps auxw | /usr/bin/grep "[s]quid -f" | /usr/bin/awk '{print $2}' | /usr/bin/wc -l | /usr/bin/awk '{ print $1 }'`
+ if [ $NUM_PROCS -gt 0 ]; then
+ if [ -f /var/run/squid_alarm ]; then
+ echo "Squid has resumed. Reconfiguring filter." | \
+ /usr/bin/logger -p daemon.info -i -t Squid_Alarm
+ /etc/rc.filter_configure
+ /bin/rm -f /var/run/squid_alarm
+ fi
+ fi
+ sleep $LOOP_SLEEP
done
if [ -f /var/run/squid_alarm ]; then
- rm /var/run/squid_alarm
+ /bin/rm -f /var/run/squid_alarm
fi
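Review bot: With the `set -e` shown in the earlier hunk still active, a non-zero exit from `/usr/local/etc/rc.d/squid.sh start` or `/etc/rc.filter_configure` inside the loop body ends the monitor. A failed restart is then never retried and `/var/run/squid_alarm` is not created. Guard those calls, for example `/usr/local/etc/rc.d/squid.sh start || echo "Squid restart failed" | /usr/bin/logger -p daemon.info -i -t Squid_Alarm`. As a style point, `while [ /bin/true ]` tests a non-empty string rather than running the command (`while :; do` says what is meant), and the `if` after `done` cannot be reached in normal operation.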
diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc
index 7155d560..e906a1bb 100755
--- a/config/squid3/34/squid.inc
+++ b/config/squid3/34/squid.inc
@@ -1,12 +1,13 @@
<?php
-/* $Id$ */
/*
squid.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2006-2009 Scott Ullrich
Copyright (C) 2006 Fernando Lemos
Copyright (C) 2012 Martin Fuchs
Copyright (C) 2012-2014 Marcello Coutinho
Copyright (C) 2013 Gekkenhuis
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -30,7 +31,6 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
-
require_once('globals.inc');
require_once('config.inc');
require_once('util.inc');
@@ -38,13 +38,14 @@ require_once('pfsense-utils.inc');
require_once('pkg-utils.inc');
require_once('service-utils.inc');
-if (!function_exists("filter_configure"))
+if (!function_exists("filter_configure")) {
require_once("filter.inc");
+}
$shortcut_section = "squid";
global $pfs_version;
-$pfs_version=substr(trim(file_get_contents("/etc/version")),0,3);
+$pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pfs_version == "2.1" || $pfs_version == "2.2") {
define('SQUID_BASE', '/usr/pbi/squid-' . php_uname("m"));
define('SQUID_LOCALBASE', SQUID_BASE . "/local");
@@ -65,24 +66,27 @@ define('SQUID_SSL_DB','/var/squid/lib/ssl_db');
$valid_acls = array();
-$uname=posix_uname();
-if ($uname['machine']=='amd64')
+$uname = posix_uname();
+if ($uname['machine'] == 'amd64') {
ini_set('memory_limit', '250M');
+}
function sq_text_area_decode($text) {
- return preg_replace('/\r\n/', "\n",base64_decode($text));
+ return preg_replace('/\r\n/', "\n", base64_decode($text));
}
function squid_get_real_interface_address($iface) {
- if (!function_exists("get_interface_ip"))
+ if (!function_exists("get_interface_ip")) {
require_once("interfaces.inc");
+ }
return array(get_interface_ip($iface), gen_subnet_mask(get_interface_subnet($iface)));
}
function squid_chown_recursive($dir, $user, $group) {
- if ($dir == '/usr/local')
+ if ($dir == '/usr/local') {
return;
+ }
chown($dir, $user);
chgrp($dir, $group);
@@ -102,46 +106,50 @@ function squid_chown_recursive($dir, $user, $group) {
}
function squid_check_clamav_user($user) {
- if (SQUID_BASE == '/usr/local')
+ if (SQUID_BASE == '/usr/local') {
return;
+ }
- $_gc = exec("/usr/sbin/pw usershow {$user}",$sq_ex_output,$sq_ex_return);
- $user_arg=($sq_ex_return == 0?"mod":"add");
- $_gc = exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin",$sq_ex_output,$sq_ex_return);
- if ($sq_ex_return != 0)
- log_error("Squid - Could not change clamav user settings. ".serialize($sq_ex_output));
+ $_gc = exec("/usr/sbin/pw usershow {$user}", $sq_ex_output, $sq_ex_return);
+ $user_arg = ($sq_ex_return == 0 ? "mod" : "add");
+ $_gc = exec("/usr/sbin/pw user{$user_arg} {$user} -G wheel -u 9595 -s /sbin/nologin", $sq_ex_output, $sq_ex_return);
+ if ($sq_ex_return != 0) {
+ log_error("Squid - Could not change clamav user settings. " . serialize($sq_ex_output));
+ }
}
/* setup cache */
-function squid_dash_z($cache_action='none') {
+function squid_dash_z($cache_action = 'none') {
global $config;
//Do nothing if there is no cache config
- if (!is_array($config['installedpackages']['squidcache']['config']))
+ if (!is_array($config['installedpackages']['squidcache']['config'])) {
return;
+ }
$settings = $config['installedpackages']['squidcache']['config'][0];
// If the cache system is null, there is no need to initialize the (irrelevant) cache dir.
- if ($settings['harddisk_cache_system'] == "null")
+ if ($settings['harddisk_cache_system'] == "null") {
return;
+ }
$cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
if ($cache_action == "clean" && file_exists($cachedir)) {
- rename ($cachedir, "{$cachedir}.old");
+ rename($cachedir, "{$cachedir}.old");
mwexec_bg("/bin/rm -rf {$cachedir}.old");
}
if (!is_dir($cachedir)) {
log_error("Creating Squid cache dir {$cachedir}");
- @mkdir($cachedir, 0755, true);
+ safe_mkdir($cachedir, 0755);
@chown($cachedir, SQUID_UID);
@chgrp($cachedir, SQUID_GID);
}
- if (!is_dir($cachedir.'/00')) {
- log_error("Creating squid cache subdirs in $cachedir");
+ if (!is_dir($cachedir . '/00')) {
+ log_error("Creating Squid cache subdirs in $cachedir");
mwexec(SQUID_BASE. "/sbin/squid -k shutdown -f " . SQUID_CONFFILE);
sleep(5);
mwexec(SQUID_BASE. "/sbin/squid -k kill -f " . SQUID_CONFFILE);
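Review bot: `squid_check_clamav_user()` and `squid_dash_z()` still build shell command lines by interpolating `{$user}` and the config-derived `{$cachedir}` unquoted, so a value containing whitespace or shell metacharacters changes what `pw` and `/bin/rm -rf` execute, presumably with root privileges. Where these values are validated is not visible here, but quoting at the call site is cheap: `exec("/usr/sbin/pw usershow " . escapeshellarg($user), $sq_ex_output, $sq_ex_return);` and `mwexec_bg("/bin/rm -rf " . escapeshellarg("{$cachedir}.old"));`. The same applies to the `/bin/rm -rf {$cachedir}` and `/bin/rm -rf {$logdir}` calls in the `squid_deinstall_command()` hunk further down. A comment on why the clamav account needs `-G wheel` would also help anyone auditing group membership. The body of `squid_dash_z()` continues outside this hunk.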
@@ -153,15 +161,16 @@ function squid_dash_z($cache_action='none') {
if (file_exists("/var/squid/cache/swap.state")) {
chown("/var/squid/cache/swap.state", SQUID_UID);
chgrp("/var/squid/cache/swap.state", SQUID_GID);
- chmod("/var/squid/cache/swap.state", "a+rw");
+ chmod("/var/squid/cache/swap.state", 0666);
}
}
function squid_is_valid_acl($acl) {
global $valid_acls;
- if (!is_array($valid_acls))
+ if (!is_array($valid_acls)) {
return;
+ }
return in_array($acl, $valid_acls);
}
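Review bot: Mode `0666` on `swap.state` leaves the cache index writable by every local account, although the two lines above already hand the file to `SQUID_UID`/`SQUID_GID`. Unless another account is known to write it, `chmod("/var/squid/cache/swap.state", 0640);` is enough. The path is also hard-coded while the earlier part of `squid_dash_z()` works with `$cachedir`, so a relocated cache is presumably not covered. The function starts outside this hunk, so confirm against the full body.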
@@ -171,19 +180,22 @@ function squid_install_command() {
update_status("Checking if there is configuration to migrate... One moment please...");
/* migrate existing csv config fields */
- if (is_array($config['installedpackages']['squidauth']['config']))
+ if (is_array($config['installedpackages']['squidauth']['config'])) {
$settingsauth = $config['installedpackages']['squidauth']['config'][0];
- if (is_array($config['installedpackages']['squidcache']['config']))
+ }
+ if (is_array($config['installedpackages']['squidcache']['config'])) {
$settingscache = $config['installedpackages']['squidcache']['config'][0];
- if (is_array($config['installedpackages']['squidnac']['config']))
+ }
+ if (is_array($config['installedpackages']['squidnac']['config'])) {
$settingsnac = $config['installedpackages']['squidnac']['config'][0];
- if (is_array($config['installedpackages']['squid']['config']))
+ }
+ if (is_array($config['installedpackages']['squid']['config'])) {
$settingsgen = $config['installedpackages']['squid']['config'][0];
+ }
- if (SQUID_BASE != '/usr/local' &&
- file_exists('/usr/local/bin/check_ip.php') &&
- !file_exists(SQUID_BASE . '/bin/check_ip.php'))
+ if (SQUID_BASE != '/usr/local' && file_exists('/usr/local/bin/check_ip.php') && !file_exists(SQUID_BASE . '/bin/check_ip.php')) {
symlink("/usr/local/bin/check_ip.php", SQUID_BASE . "/bin/check_ip.php");
+ }
/* Set storage system */
if ($g['platform'] == "nanobsd") {
@@ -248,22 +260,22 @@ function squid_install_command() {
$config['installedpackages']['squidnac']['config'][0]['block_reply_mime_type'] = $settingsnac['block_reply_mime_type'];
}
- /*Migrate reverse settings*/
+ /* migrate reverse settings */
if (is_array($config['installedpackages']['squidreverse'])) {
- $old_reverse_settings=$config['installedpackages']['squidreverse']['config'][0];
+ $old_reverse_settings = $config['installedpackages']['squidreverse']['config'][0];
- //Settings
+ // settings
if (!is_array($config['installedpackages']['squidreversegeneral'])) {
- $config['installedpackages']['squidreversegeneral']['config'][0]=$old_reverse_settings;
- unset ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);
- unset ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);
- unset ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);
+ $config['installedpackages']['squidreversegeneral']['config'][0] = $old_reverse_settings;
+ unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_cache_peer']);
+ unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_uri']);
+ unset($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_acl']);
}
- //PEERS
+ // peers
if (!is_array($config['installedpackages']['squidreversepeer'])) {
- foreach (explode("\n",sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {
- foreach (explode(";",$cache_peers) as $cache_peer) {
+ foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_cache_peer'])) as $cache_peers) {
+ foreach (explode(";", $cache_peers) as $cache_peer) {
$config['installedpackages']['squidreversepeer']['config'][] = array(
'description' => 'migrated',
'enable' => 'on',
@@ -275,16 +287,16 @@ function squid_install_command() {
}
}
- //MAPPINGS
+ // mappings
if (!is_array($config['installedpackages']['squidreverseuri'])) {
- foreach (explode("\n",sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {
- foreach (explode(";",$acls) as $acl) {
+ foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_acl'])) as $acls) {
+ foreach (explode(";", $acls) as $acl) {
array_push(${'peer_'.$acl[0]},$acl[1]);
}
}
- foreach (explode("\n",sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {
- foreach (explode(";",$uris) as $uri) {
- $peer_list=(is_array(${'peer_'.$uri[0]})?implode(",",${'peer_'.$uri[0]}):"");
+ foreach (explode("\n", sq_text_area_decode($old_reverse_settings['reverse_uri'])) as $uris) {
+ foreach (explode(";", $uris) as $uri) {
+ $peer_list = (is_array(${'peer_' . $uri[0]}) ? implode(",", ${'peer_' . $uri[0]}) : "");
$config['installedpackages']['squidreverseuri']['config'][] = array(
'description' => 'migrated',
'enable' => 'on',
@@ -299,146 +311,89 @@ function squid_install_command() {
}
update_status("Writing configuration... One moment please...");
-
write_config();
- /* create cache */
- update_status("Creating squid cache pools... One moment please...");
- squid_dash_z();
-
- /* make sure pinger is executable */
- if (file_exists(SQUID_LOCALBASE. "/libexec/squid/pinger"))
- @chmod(SQUID_LOCALBASE. "/libexec/squid/pinger", "a+x");
-
- // XXX: Is it really necessary?
- if (file_exists("/usr/local/etc/rc.d/squid"))
- unlink_if_exists("/usr/local/etc/rc.d/squid");
+ /* make sure pinger is executable and suid root */
+ // XXX: Bug #5114
+ if (file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger")) {
+ chgrp(SQUID_LOCALBASE . "/libexec/squid/pinger", SQUID_GID);
+ }
squid_write_rcfile();
// XXX: Is it really necessary? mode is set to 0755 in squid.xml
- if (file_exists("/usr/local/pkg/swapstate_check.php"))
- @chmod("/usr/local/pkg/swapstate_check.php", "a+x");
+ if (file_exists("/usr/local/pkg/swapstate_check.php")) {
+ @chmod("/usr/local/pkg/swapstate_check.php", 0755);
+ }
write_rcfile(array(
"file" => "sqp_monitor.sh",
"start" => "/usr/local/pkg/sqpmon.sh &",
- "stop" => "ps awux | grep \"sqpmon\" | grep -v \"grep\" | grep -v \"php\" | awk '{ print $2 }' | xargs kill")
+ "stop" => "/bin/ps awux | /usr/bin/grep \"sqpmon\" | /usr/bin/grep -v \"grep\" | /usr/bin/grep -v \"php\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill")
);
- foreach (array( SQUID_CONFBASE,
- SQUID_ACLDIR,
- SQUID_SSL_DB ) as $dir) {
- @mkdir($dir, 0755, true);
- squid_chown_recursive($dir, SQUID_UID, SQUID_GID);
+ // make a backup of default c-icap config file on install; also see squid_resync_antivirus() function below
+ if (!file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default")) {
+ if (file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample")) {
+ copy(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample", SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default");
+ }
}
- /* kill any running proxy alarm scripts */
- update_status("Checking for running processes... One moment please...");
- log_error("Stopping any running proxy monitors");
- mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
- sleep(1);
+ foreach (array(SQUID_CONFBASE, SQUID_ACLDIR, SQUID_SSL_DB) as $dir) {
+ safe_mkdir($dir, 0755);
+ squid_chown_recursive($dir, SQUID_UID, SQUID_GID);
+ }
if (!file_exists(SQUID_CONFBASE . '/mime.conf') && file_exists(SQUID_CONFBASE . '/mime.conf.default'))
copy(SQUID_CONFBASE . '/mime.conf.default', SQUID_CONFBASE . '/mime.conf');
- update_status("Checking cache... One moment please...");
- squid_dash_z();
-
- if (!is_service_running('squid')) {
- update_status("Starting... One moment please...");
- log_error("Starting Squid");
- mwexec_bg(SQUID_BASE. "/sbin/squid -f " . SQUID_CONFFILE);
- } else {
- update_status("Reloading Squid for configuration sync... One moment please...");
- log_error("Reloading Squid for configuration sync");
- mwexec_bg(SQUID_BASE. "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE);
- }
-
- /* restart proxy alarm scripts */
- log_error("Starting a proxy monitor script");
- mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start");
-
- update_status("Reconfiguring filter... One moment please...");
- filter_configure();
}
function squid_deinstall_command() {
global $config, $g;
- $plswait_txt = "This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.";
+ $plswait_txt = "This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.";
squid_install_cron(false);
- if (is_array($config['installedpackages']['squidcache']))
+ if (is_array($config['installedpackages']['squidcache'])) {
$settings = $config['installedpackages']['squidcache']['config'][0];
- else
+ } else {
$settings = array();
+ }
$cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
update_status("Removing cache ... One moment please...");
update_output_window("$plswait_txt");
// XXX: Is it ok to remove cache and logs? It's going to happen every time package is updated
- mwexec_bg("rm -rf {$cachedir}");
- mwexec("rm -rf {$logdir}");
+ mwexec_bg("/bin/rm -rf {$cachedir}");
+ mwexec("/bin/rm -rf {$logdir}");
update_status("Finishing package cleanup.");
mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
unlink_if_exists('/usr/local/etc/rc.d/sqp_monitor.sh');
- mwexec("ps awux | grep \"squid\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
- mwexec("ps awux | grep \"dnsserver\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
- mwexec("ps awux | grep \"unlinkd\" | grep -v \"grep\" | awk '{ print $2 }' | xargs kill");
+ mwexec("/bin/ps awux | /usr/bin/grep \"squid\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
+ mwexec("/bin/ps awux | /usr/bin/grep \"dnsserver\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
+ mwexec("/bin/ps awux | /usr/bin/grep \"unlinkd\" | /usr/bin/grep -v \"grep\" | /usr/bin/awk '{ print $2 }' | /usr/bin/xargs kill");
update_status("Reloading filter...");
filter_configure();
}
-function squid_before_form_general(&$pkg) {
- $values = get_dir(SQUID_CONFBASE . '/errors/');
- /*
- * XXX: This logic is broken. Probably the idea in the past
- * was to skip '.', '..'. 'COPYRIGHT' and 'TRANSLATORS' and
- * errors subdirectories used to be more meaning, like 'English'
- * or Brazillian_Portuguese.
- *
- * Nowadays they are 'en', 'pt-br', ... and also there is a
- * 'templates' directory to be skipped
- */
- // Get rid of '..' and '.' and ...
- array_shift($values);
- array_shift($values);
- array_shift($values);
- array_shift($values);
-
- $name = array();
- foreach ($values as $value)
- $names[] = implode(" ", explode("_", $value));
-
- $i = 0;
- foreach ($pkg['fields']['field'] as $field) {
- if ($field['fieldname'] == 'error_language')
- break;
- $i++;
- }
- $field = &$pkg['fields']['field'][$i];
-
- for ($i = 0; $i < count($values) - 1; $i++)
- $field['options']['option'][] = array('name' => $names[$i], 'value' => $values[$i]);
-}
-
function squid_validate_antivirus($post, &$input_errors) {
global $config;
- if ($post['enable'] != "on")
+ if ($post['enable'] != "on") {
return;
+ }
- if ($post['squidclamav'] && preg_match("/(\S+proxy.domain\S+)/",$post['squidclamav'],$a_match)) {
- $input_errors[] ="Squidclamav warns redirect points to sample config domain ({$a_match[1]})";
- $input_errors[] ="Change redirect info on 'squidclamav.conf' field to pfsense gui or an external host. ";
+ if ($post['squidclamav'] && preg_match("/(\S+proxy.domain\S+)/", $post['squidclamav'], $a_match)) {
+ $input_errors[] = "SquidClamav warnings redirect points to sample config domain ({$a_match[1]})";
+ $input_errors[] = "Change redirect info on 'squidclamav.conf' field to pfSense GUI or an external host.";
}
if ($post['c-icap_conf']) {
- if (!preg_match("/squid_clamav/",$post['c-icap_conf'])) {
- $input_errors[] ="c-icap Squidclamav service definition is no present.";
- $input_errors[] ="Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.";
+ if (!preg_match("/squid_clamav/", $post['c-icap_conf'])) {
+ $input_errors[] = "c-icap Squidclamav service definition is not present.";
+ $input_errors[] = "Add 'Service squid_clamav squidclamav.so'(without quotes) to 'c-icap.conf' field in order to get it working.";
}
- if (preg_match("/(Manager:Apassword\S+)/",$post['c-icap_conf'],$c_match)) {
- $input_errors[] ="Remove ldap configuration'{$c_match[1]}' from 'c-icap.conf' field.";
+ if (preg_match("/(Manager:Apassword\S+)/", $post['c-icap_conf'], $c_match)) {
+ $input_errors[] = "Remove ldap configuration'{$c_match[1]}' from 'c-icap.conf' field.";
}
}
}
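Review bot: The new comment in `squid_install_command()` says `make sure pinger is executable and suid root`, but the code under it only calls `chgrp()` on the pinger binary; no mode is set and the earlier `chmod` call is removed. Either set an explicit numeric mode or make the comment describe what actually happens, e.g. `/* hand pinger to the Squid group; mode is left as installed (see Bug #5114) */`. Someone auditing privileged helpers will take the comment at face value, so it should match the code. `squid_install_command()` starts outside this hunk.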
@@ -446,31 +401,37 @@ function squid_validate_antivirus($post, &$input_errors) {
function squid_validate_general($post, &$input_errors) {
global $config;
- if (is_array($config['installedpackages']['squid']))
+ if (is_array($config['installedpackages']['squid'])) {
$settings = $config['installedpackages']['squid']['config'][0];
- else
+ } else {
$settings = array();
+ }
$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
$port = $post['proxy_port'] ? $post['proxy_port'] : $port;
$icp_port = trim($post['icp_port']);
- if (!empty($icp_port) && !is_port($icp_port))
- $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field';
+ if (!empty($icp_port) && !is_port($icp_port)) {
+ $input_errors[] = 'You must enter a valid port number in the \'ICP port\' field.';
+ }
- if (substr($post['log_dir'], -1, 1) == '/')
- $input_errors[] = 'You may not end log location with an / mark';
+ if (substr($post['log_dir'], -1, 1) == '/') {
+ $input_errors[] = 'Log location must not end with a / character.';
+ }
- if ($post['log_dir']{0} != '/')
- $input_errors[] = 'You must start log location with a / mark';
+ if ($post['log_dir']{0} != '/') {
+ $input_errors[] = 'Log location must start with a / character.';
+ }
- if (strlen($post['log_dir']) <= 3)
- $input_errors[] = "That is not a valid log location dir";
+ if (strlen($post['log_dir']) <= 3) {
+ $input_errors[] = "Configured log location directory is not valid.";
+ }
$log_rotate = trim($post['log_rotate']);
- if (!empty($log_rotate) && (!is_numericint($log_rotate) or ($log_rotate < 1)))
- $input_errors[] = 'You must enter a valid number of days in the \'Log rotate\' field';
+ if (!empty($log_rotate) && (!is_numericint($log_rotate) or ($log_rotate < 1))) {
+ $input_errors[] = "You must enter a valid number of days in the 'Log rotate' field.";
+ }
$webgui_port = $config['system']['webgui']['port'];
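Review bot: The `log_dir` checks in `squid_validate_general()` look only at the first character, the last character and the length, so a value with spaces, `..` segments or shell metacharacters is accepted. Elsewhere on this page the stored setting is interpolated into `/bin/rm -rf {$logdir}`, so the validator is the natural place to restrict it, e.g. `if (!preg_match('@^/[A-Za-z0-9_./-]+$@', $post['log_dir']) || strpos($post['log_dir'], '..') !== false) { $input_errors[] = "Log location contains invalid characters."; }`. `$post['log_dir']{0}` also raises a notice on an empty string; `substr($post['log_dir'], 0, 1)` avoids that. The function continues outside this hunk.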
@@ -482,7 +443,7 @@ function squid_validate_general($post, &$input_errors) {
}
if (($post['transparent_proxy'] != 'on') && ($port == $webgui_port)) {
- $input_errors[] = "You can not run squid on the same port as the webgui";
+ $input_errors[] = "You can not run Squid on the same port as the pfSense WebGUI";
}
if (($post['ssl_proxy'] == 'on') && ( $post['dca'] == '')) {
@@ -492,15 +453,17 @@ function squid_validate_general($post, &$input_errors) {
foreach (array('defined_ip_proxy_off') as $hosts) {
foreach (explode(";", $post[$hosts]) as $host) {
$host = trim($host);
- if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host) && !is_subnet($host))
- $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host) && !is_subnet($host)) {
+ $input_errors[] = "'Bypass proxy for these source IPs' entry '$host' is not a valid IP address, hostname, or alias.";
+ }
}
}
foreach (array('defined_ip_proxy_off_dest') as $hosts) {
foreach (explode(";", $post[$hosts]) as $host) {
$host = trim($host);
- if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host) && !is_subnet($host))
- $input_errors[] = "The entry '$host' is not a valid IP address, hostname, or alias";
+ if (!empty($host) && !is_ipaddr($host) && !is_alias($host) && !is_hostname($host) && !is_subnet($host)) {
+ $input_errors[] = "'Bypass proxy for these destination IPs' entry '$host' is not a valid IP address, hostname, or alias.";
+ }
}
}
@@ -508,7 +471,7 @@ function squid_validate_general($post, &$input_errors) {
$altdns = explode(";", ($post['dns_nameservers']));
foreach ($altdns as $dnssrv) {
if (!is_ipaddr($dnssrv)) {
- $input_errors[] = 'You must enter a valid IP address in the \'Alternate DNS servers\' field';
+ $input_errors[] = "You must enter a valid IP address in the 'Alternate DNS servers' field.";
break;
}
}
@@ -516,24 +479,27 @@ function squid_validate_general($post, &$input_errors) {
}
function squid_validate_upstream($post, &$input_errors) {
- if ($post['enabled'] != 'on')
+ if ($post['enabled'] != 'on') {
return;
+ }
$addr = trim($post['proxyaddr']);
if (empty($addr)) {
- $input_errors[] = 'The field \'Hostname\' is required';
+ $input_errors[] = "The 'Proxy hostname' field is required";
} else {
- if (!is_ipaddr($addr) && !is_domain($addr))
- $input_errors[] = 'You must enter a valid IP address or host name in the \'Proxy hostname\' field';
+ if (!is_ipaddr($addr) && !is_domain($addr)) {
+ $input_errors[] = "You must enter a valid IP address or host name in the 'Proxy hostname' field.";
+ }
}
foreach (array('proxyport' => 'TCP port', 'icpport' => 'ICP port') as $field => $name) {
$port = trim($post[$field]);
if (empty($port)) {
- $input_errors[] = "The field '$name' is required";
+ $input_errors[] = "The '$name' field is required.";
} else {
- if (!is_port($port))
- $input_errors[] = "The field '$name' must contain a valid port number, between 0 and 65535";
+ if (!is_port($port)) {
+ $input_errors[] = "The '$name' field must contain a valid port number (1-65535).";
+ }
}
}
}
@@ -547,31 +513,36 @@ function squid_validate_cache($post, &$input_errors) {
foreach ($num_fields as $field => $name) {
$value = trim($post[$field]);
- if (!is_numericint($value))
- $input_errors[] = "You must enter a valid value for '$field'";
+ if (!is_numericint($value)) {
+ $input_errors[] = "You must enter a valid value for '$field'.";
+ }
}
$value = trim($post['minimum_object_size']);
- if (!is_numericint($value))
- $input_errors[] = 'You must enter a valid value for \'Minimum object size\'';
+ if (!is_numericint($value)) {
+ $input_errors[] = "You must enter a valid value for 'Minimum object size'.";
+ }
if (!empty($post['cache_swap_low'])) {
$value = trim($post['cache_swap_low']);
- if (!is_numericint($value) || ($value > 100))
- $input_errors[] = 'You must enter a valid value for \'Low-water-mark\'';
+ if (!is_numericint($value) || ($value > 100)) {
+ $input_errors[] = "You must enter a valid value for 'Low-water-mark'.";
+ }
}
if (!empty($post['cache_swap_high'])) {
$value = trim($post['cache_swap_high']);
- if (!is_numericint($value) || ($value > 100))
- $input_errors[] = 'You must enter a valid value for \'High-water-mark\'';
+ if (!is_numericint($value) || ($value > 100)) {
+ $input_errors[] = "You must enter a valid value for 'High-water-mark'.";
+ }
}
if ($post['donotcache'] != "") {
foreach (split("\n", $post['donotcache']) as $host) {
$host = trim($host);
- if (!is_ipaddr($host) && !is_domain($host))
- $input_errors[] = "The host '$host' is not a valid IP or host name";
+ if (!is_ipaddr($host) && !is_domain($host)) {
+ $input_errors[] = "The host '$host' is not a valid IP or hostname.";
+ }
}
}
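Review bot: The message in the `$num_fields` loop of `squid_validate_cache()` interpolates `$field`, the internal form key, while the loop's `$name` value is never used in the visible lines. If `$name` holds the label, as it does in the other validators, the line should read `$input_errors[] = "You must enter a valid value for '$name'.";`. The `split()` call a few lines below is deprecated; `explode("\n", $post['donotcache'])` is the drop-in replacement for a literal separator. The `$num_fields` definition is outside this hunk, so confirm what its values are.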
@@ -582,19 +553,22 @@ function squid_validate_nac($post, &$input_errors) {
$allowed_subnets = explode("\n", $post['allowed_subnets']);
foreach ($allowed_subnets as $subnet) {
$subnet = trim($subnet);
- if (!empty($subnet) && !is_subnet($subnet))
- $input_errors[] = "The subnet '$subnet' is not a valid CIDR range";
+ if (!empty($subnet) && !is_subnet($subnet)) {
+ $input_errors[] = "The subnet '$subnet' is not a valid CIDR range.";
+ }
}
foreach (array('unrestricted_hosts', 'banned_hosts') as $hosts) {
- if (preg_match_all("@([0-9.]+)(/[0-9.]+|)@",$_POST[$hosts],$matches)) {
- for ($x=0; $x < count($matches[1]); $x++) {
+ if (preg_match_all("@([0-9.]+)(/[0-9.]+|)@", $_POST[$hosts], $matches)) {
+ for ($x = 0; $x < count($matches[1]); $x++) {
if ($matches[2][$x] == "") {
- if (!is_ipaddr($matches[1][$x]))
- $input_errors[] = "'{$matches[1][$x]}' is not a valid IP address";
+ if (!is_ipaddr($matches[1][$x])) {
+ $input_errors[] = "'{$matches[1][$x]}' is not a valid IP address.";
+ }
} else {
- if (!is_subnet($matches[0][$x]))
- $input_errors[] = "The subnet '{$matches[0][$x]}' is not a valid CIDR range";
+ if (!is_subnet($matches[0][$x])) {
+ $input_errors[] = "The subnet '{$matches[0][$x]}' is not a valid CIDR range.";
+ }
}
}
}
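Review bot: The `unrestricted_hosts`/`banned_hosts` loop in `squid_validate_nac()` reads `$_POST[$hosts]` instead of the `$post` argument used in the rest of the function, and it validates only the tokens that `preg_match_all()` extracts. Text made of other characters never matches `[0-9.]+`, so it passes validation without an error. Use `$post[$hosts]` and validate per entry as the `allowed_subnets` loop does (split, `trim()`, then `is_ipaddr()`/`is_subnet()`), so unmatched text is rejected rather than skipped. The function starts outside this hunk.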
@@ -603,22 +577,25 @@ function squid_validate_nac($post, &$input_errors) {
foreach (array('unrestricted_macs', 'banned_macs') as $macs) {
foreach (explode("\n", $post[$macs]) as $mac) {
$mac = trim($mac);
- if (!empty($mac) && !is_macaddr($mac))
- $input_errors[] = "The mac '$mac' is not a valid MAC address";
+ if (!empty($mac) && !is_macaddr($mac)) {
+ $input_errors[] = "'$mac' is not a valid MAC address.";
+ }
}
}
foreach (explode(",", $post['timelist']) as $time) {
$time = trim($time);
- if (!empty($time) && !squid_is_timerange($time))
- $input_errors[] = "The time range '$time' is not a valid time range";
+ if (!empty($time) && !squid_is_timerange($time)) {
+ $input_errors[] = "The time range '$time' is not a valid time range.";
+ }
}
if (!empty($post['ext_cachemanager'])) {
$extmgr = explode(";", ($post['ext_cachemanager']));
foreach ($extmgr as $mgr) {
- if (!is_ipaddr($mgr))
- $input_errors[] = 'You must enter a valid IP address in the \'External Cache Manager\' field';
+ if (!is_ipaddr($mgr)) {
+ $input_errors[] = "You must enter a valid IP address in the 'External Cache Manager' field'.";
+ }
}
}
}
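Review bot: The new `ext_cachemanager` message has a stray apostrophe, `'External Cache Manager' field'.`; it should read `"You must enter a valid IP address in the 'External Cache Manager' field."`. Unlike the loops above it, this one does not `trim()` each `$mgr`, so an entry with a space after the `;` would presumably fail `is_ipaddr()`. It also appends one identical error per bad entry, because there is no `break`.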
@@ -633,26 +610,30 @@ function squid_validate_traffic($post, &$input_errors) {
foreach ($num_fields as $field => $name) {
$value = trim($post[$field]);
- if (!is_numericint($value))
- $input_errors[] = "The field '$name' must contain a positive number";
+ if (!is_numericint($value)) {
+ $input_errors[] = "The '$name' field must contain a positive integer.";
+ }
}
if (!empty($post['quick_abort_min'])) {
$value = trim($post['quick_abort_min']);
- if (!is_numericint($value))
- $input_errors[] = "The field 'Finish when remaining KB' must contain a positive number";
+ if ((!is_numericint($value)) && ($value !== -1)) {
+ $input_errors[] = "'Finish when remaining KB' must contain a positive integer or '-1'.";
+ }
}
if (!empty($post['quick_abort_max'])) {
$value = trim($post['quick_abort_max']);
- if (!is_numericint($value))
- $input_errors[] = "The field 'Abort when remaining KB' must contain a positive number";
+ if (!is_numericint($value)) {
+ $input_errors[] = "'Abort when remaining KB' must contain a positive integer.";
+ }
}
if (!empty($post['quick_abort_pct'])) {
$value = trim($post['quick_abort_pct']);
- if (!is_numericint($value) || ($value > 100))
- $input_errors[] = "The field 'Finish when remaining %' must contain a percentage";
+ if (!is_numericint($value) || ($value > 100)) {
+ $input_errors[] = "'Finish when remaining %' must contain valid percentage (1-100).";
+ }
}
}
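Review bot: In the `quick_abort_min` check, `$value` comes from `trim()` and is therefore a string, so the strict comparison `$value !== -1` is always true. An input of `-1` is then still rejected whenever `is_numericint()` rejects it, which contradicts the new message. Compare against the string instead: `if (!is_numericint($value) && $value !== "-1") {`. The function starts outside this hunk.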
@@ -662,33 +643,37 @@ function squid_validate_reverse($post, &$input_errors) {
if (!empty($post['reverse_ip'])) {
$reverse_ip = explode(";", ($post['reverse_ip']));
foreach ($reverse_ip as $reip) {
- if (!is_ipaddr(trim($reip)))
- $input_errors[] = 'You must enter a valid IP address in the \'User-defined reverse-proxy IPs\' field'.' -> \''.$reip.'\' is invalid.';
+ if (!is_ipaddr(trim($reip))) {
+ $input_errors[] = "You must enter a valid IP address in the 'User-defined reverse-proxy IPs' field. '$reip' is invalid.";
+ }
}
}
$fqdn = trim($post['reverse_external_fqdn']);
- if (!empty($fqdn) && !is_domain($fqdn))
- $input_errors[] = 'The field \'external FQDN\' must contain a valid domain name';
+ if (!empty($fqdn) && !is_domain($fqdn)) {
+ $input_errors[] = "'External FQDN' field must contain a valid domain name.";
+ }
$port = trim($post['reverse_http_port']);
- // XXX: Where is $portrange being defined ???
- preg_match("/(\d+)/",`sysctl net.inet.ip.portrange.reservedhigh`,$portrange);
- if (!empty($port) && !is_port($port))
- $input_errors[] = 'The field \'reverse HTTP port\' must contain a valid port number';
+ preg_match("/(\d+)/", shell_exec("/sbin/sysctl net.inet.ip.portrange.reservedhigh"), $portrange);
+ if (!empty($port) && !is_port($port)) {
+ $input_errors[] = "'Reverse HTTP port' must contain a valid port number.";
+ }
if (!empty($port) && is_port($port) && $port <= $portrange[1]) {
- $input_errors[] = "The field 'reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]}).";
- $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 on system tunable options and restart squid daemon.";
+ $input_errors[] = "'Reverse HTTP port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 in system tunable options and restart Squid daemon.";
}
$port = trim($post['reverse_https_port']);
- if (!empty($port) && !is_port($port))
- $input_errors[] = 'The field \'reverse HTTPS port\' must contain a valid port number';
+ if (!empty($port) && !is_port($port)) {
+ $input_errors[] = "'Reverse HTTPS port' must contain a valid port number.";
+ }
if (!empty($port) && is_port($port) && $port <= $portrange[1]) {
- $input_errors[] = "The field 'reverse HTTPS port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]}).";
- $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 on system tunable options and restart squid daemon.";
+ $input_errors[] = "'Reverse HTTPS port' must contain a port number higher than net.inet.ip.portrange.reservedhigh sysctl value({$portrange[1]}).";
+ $input_errors[] = "To listen on low ports, change portrange.reservedhigh sysctl value to 0 in system tunable options and restart Squid daemon.";
}
- if ($post['reverse_ssl_cert'] == 'none')
+ if ($post['reverse_ssl_cert'] == 'none') {
$input_errors[] = 'A valid certificate for the external interface must be selected';
+ }
if (($post['reverse_https'] != 'on') && ($post['reverse_owa'] == 'on')) {
$input_errors[] = "You have to enable reverse HTTPS before enabling OWA support.";
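Review bot: The return value of `preg_match()` on the `sysctl` output is never checked, so if `shell_exec()` returns nothing or the output does not match, `$portrange[1]` is undefined and both `$port <= $portrange[1]` checks silently stop rejecting reserved ports. The `{$portrange[1]}` in the messages would then also print empty. Initialise and check it, and ask sysctl for the bare value: `$portrange = array();` followed by `if (!preg_match("/(\d+)/", (string) shell_exec("/sbin/sysctl -n net.inet.ip.portrange.reservedhigh"), $portrange)) { $portrange[1] = 1023; }` (1023 being the stock FreeBSD value). The function begins before this hunk and continues after it.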
@@ -697,8 +682,9 @@ function squid_validate_reverse($post, &$input_errors) {
if (!empty($post['reverse_owa_ip'])) {
$reverse_owa_ip = explode(";", ($post['reverse_owa_ip']));
foreach ($reverse_owa_ip as $reowaip) {
- if (!is_ipaddr(trim($reowaip)))
- $input_errors[] = 'You must enter a valid IP address in the \'CAS-Array / OWA frontend IP address\' field'.' -> \''.$reowaip.'\' is invalid.';
+ if (!is_ipaddr(trim($reowaip))) {
+ $input_errors[] = "You must enter a valid IP address in the 'CAS-Array / OWA frontend IP address' field. '$reowaip' is invalid.";
+ }
}
}
@@ -706,13 +692,16 @@ function squid_validate_reverse($post, &$input_errors) {
if (!empty($contents)) {
$defs = explode("\r\n", ($contents));
foreach ($defs as $def) {
- $cfg = explode(";",($def));
- if (!is_ipaddr($cfg[1]))
- $input_errors[] = "please choose a valid IP in the cache peer configuration.";
- if (!is_port($cfg[2]))
- $input_errors[] = "please choose a valid port in the cache peer configuration.";
- if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP'))
- $input_errors[] = "please choose HTTP or HTTPS in the cache peer configuration.";
+ $cfg = explode(";", ($def));
+ if (!is_ipaddr($cfg[1])) {
+ $input_errors[] = "Please choose a valid IP in the cache peer configuration.";
+ }
+ if (!is_port($cfg[2])) {
+ $input_errors[] = "Please choose a valid port in the cache peer configuration.";
+ }
+ if (($cfg[3] != 'HTTPS') && ($cfg[3] != 'HTTP')) {
+ $input_errors[] = "Please choose HTTP or HTTPS in the cache peer configuration.";
+ }
}
}
}
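Review bot: Each cache peer line is split on `;` and only `$cfg[1]`, `$cfg[2]` and `$cfg[3]` are checked; the field count is never verified, and `$cfg[0]` and anything after the protocol pass through unvalidated. A short or empty line (for example a trailing line break in `$contents`) raises undefined-offset notices and three generic errors that do not say which line is wrong. If these fields are later written into squid.conf (not visible in this hunk), the unchecked ones deserve a character whitelist as well. Add a guard at the top of the loop, `if (count($cfg) < 4) { $input_errors[] = "Invalid cache peer definition: each line needs at least four ';'-separated fields."; continue; }`.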
@@ -725,148 +714,100 @@ function squid_validate_auth($post, &$input_errors) {
foreach ($num_fields as $field) {
$value = trim($post[$field[0]]);
- if (!empty($value) && (!is_numeric($value) || ($value < $field[2])))
- $input_errors[] = "The field '{$field[1]}' must contain a valid number greater than {$field[2]}";
+ if (!empty($value) && (!is_numeric($value) || ($value < $field[2]))) {
+ $input_errors[] = "The '{$field[1]}' field must contain a valid number greater than {$field[2]}";
+ }
}
$auth_method = $post['auth_method'];
if (($auth_method != 'none') && ($auth_method != 'local') && ($auth_method != 'cp')) {
$server = trim($post['auth_server']);
- if (empty($server))
- $input_errors[] = 'The field \'Authentication server\' is required';
- else if (!is_ipaddr($server) && !is_domain($server))
- $input_errors[] = 'The field \'Authentication server\' must contain a valid IP address or domain name';
+ if (empty($server)) {
+ $input_errors[] = "'Authentication server' is required.";
+ } elseif (!is_ipaddr($server) && !is_domain($server)) {
+ $input_errors[] = "'Authentication server' must contain a valid IP address or domain name.";
+ }
$port = trim($post['auth_server_port']);
- if (!empty($port) && !is_port($port))
- $input_errors[] = 'The field \'Authentication server port\' must contain a valid port number';
+ if (!empty($port) && !is_port($port)) {
+ $input_errors[] = "'Authentication server port' must contain a valid port number.";
+ }
switch ($auth_method) {
- case 'ldap':
- $user = trim($post['ldap_user']);
- if (empty($user))
- $input_errors[] = 'The field \'LDAP server user DN\' is required';
- else if (!$user)
- $input_errors[] = 'The field \'LDAP server user DN\' must be a valid domain name';
- break;
- case 'radius':
- $secret = trim($post['radius_secret']);
- if (empty($secret))
- $input_errors[] = 'The field \'RADIUS secret\' is required';
- break;
- case 'msnt':
- foreach (explode(",", trim($post['msnt_secondary'])) as $server) {
- if (!empty($server) && !is_ipaddr($server) && !is_domain($server))
- $input_errors[] = "The host '$server' is not a valid IP address or domain name";
- }
- break;
+ case 'ldap':
+ $user = trim($post['ldap_user']);
+ if (empty($user)) {
+ $input_errors[] = "'LDAP server user DN' is required.";
+ } elseif (!$user) {
+ $input_errors[] = "'LDAP server user DN' must be a valid DN.";
+ }
+ break;
+ case 'radius':
+ $secret = trim($post['radius_secret']);
+ if (empty($secret)) {
+ $input_errors[] = "'RADIUS secret' is required.";
+ }
+ break;
+ case 'msnt':
+ foreach (explode(",", trim($post['msnt_secondary'])) as $server) {
+ if (!empty($server) && !is_ipaddr($server) && !is_domain($server)) {
+ $input_errors[] = "The host '$server' is not a valid IP address or domain name";
+ }
+ }
+ break;
}
$no_auth = explode("\n", $post['no_auth_hosts']);
foreach ($no_auth as $host) {
$host = trim($host);
- if (!empty($host) && !is_subnet($host))
+ if (!empty($host) && !is_subnet($host)) {
$input_errors[] = "The host '$host' is not a valid CIDR range";
+ }
}
}
}
function squid_install_cron($should_install) {
- global $config, $g;
-
- if ($g['booting']==true)
- return;
- $rotate_is_installed = false;
- $swapstate_is_installed = false;
+ global $config;
- if (!$config['cron']['item'])
+ if (platform_booting()) {
return;
+ }
- if (is_array($config['installedpackages']['squidcache']))
+ parse_config(true);
+ if (is_array($config['installedpackages']['squidcache'])) {
$settings = $config['installedpackages']['squidcache']['config'][0];
- else
+ } else {
$settings = array();
-
- $x=0;
- $rotate_job_id=-1;
- $swapstate_job_id=-1;
- $cron_cmd=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : "");
- $cron_cmd .= SQUID_BASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE;
- $need_write = false;
- foreach ($config['cron']['item'] as $item) {
- if (strstr($item['task_name'], "squid_rotate_logs")) {
- $rotate_job_id = $x;
- if ($item['command'] != $cron_cmd) {
- $config['cron']['item'][$x]['command']=$cron_cmd;
- $need_write = true;
- }
- } elseif (strstr($item['task_name'], "squid_check_swapstate")) {
- $swapstate_job_id = $x;
- }
- $x++;
}
+
+ $cron_cmd = ($settings['clear_cache'] == 'on' ? "/usr/local/pkg/swapstate_check.php clean; " : "");
+ $cron_cmd .= SQUID_BASE . "/sbin/squid -k rotate -f " . SQUID_CONFFILE;
+ install_cron_job("{$cron_cmd}", $should_install, "0", "0", "*", "*", "*", "root");
+
+ $swapstate_cmd = "/usr/local/pkg/swapstate_check.php clean; ";
if ($should_install) {
- $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
- if ($rotate_job_id < 0) {
- $cron_item['command']=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : "");
- $cron_item = array();
- $cron_item['task_name'] = "squid_rotate_logs";
- $cron_item['minute'] = "0";
- $cron_item['hour'] = "0";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] .= $cron_cmd;
- /* Add this cron_item as a new entry at the end of the item array. */
- $config['cron']['item'][] = $cron_item;
- $need_write = true;
- }
- if ($swapstate_job_id < 0) {
- $cron_item = array();
- $cron_item['task_name'] = "squid_check_swapstate";
- $cron_item['minute'] = "*/15";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/local/pkg/swapstate_check.php";
- /* Add this cron_item as a new entry at the end of the item array. */
- $config['cron']['item'][] = $cron_item;
- $need_write = true;
- }
- if ($need_write) {
- parse_config(true);
- write_config("Adding Squid Cron Jobs");
+ if ($settings['clear_cache'] == 'on' ) {
+ install_cron_job("{$swapstate_cmd}", true, "*/360");
+ } else {
+ install_cron_job("{$swapstate_cmd}", false);
}
} else {
- if ($rotate_job_id >= 0) {
- unset($config['cron']['item'][$rotate_job_id]);
- $need_write = true;
- }
- if ($swapstate_job_id >= 0) {
- unset($config['cron']['item'][$swapstate_job_id]);
- $need_write = true;
- }
- if ($need_write) {
- parse_config(true);
- write_config("Removing Squid Cron Jobs");
- }
+ install_cron_job("{$swapstate_cmd}", false);
}
- configure_cron();
}
function squid_check_ca_hashes() {
- global $config,$g;
+ global $config, $g;
// check certificates
$cert_count = 0;
- if (is_dir(SQUID_LOCALBASE. '/share/certs')) {
- if ($handle = opendir(SQUID_LOCALBASE.'/share/certs')) {
+ if (is_dir(SQUID_LOCALBASE . '/share/certs')) {
+ if ($handle = opendir(SQUID_LOCALBASE . '/share/certs')) {
while (false !== ($file = readdir($handle))) {
- if (preg_match ("/\d+.0/",$file))
+ if (preg_match ("/\d+.0/",$file)) {
$cert_count++;
+ }
}
closedir($handle);
}
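Review bot: In `squid_install_cron()` the swapstate job is installed with `"*/360"` as the third argument. Going by the rotate call above it (`"0", "0", "*", "*", "*", "root"`), that position is the minute field, where a step of 360 is out of range and will not give a six-hour interval. If every six hours was intended, pass the step in the hour field: `install_cron_job("{$swapstate_cmd}", true, "0", "*/6");`. Also note that `$swapstate_cmd` is a prefix of `$cron_cmd` whenever `clear_cache` is on, so if `install_cron_job()` locates entries by command substring (its body is not visible here), the second call may match and rewrite the rotate entry; a distinct command string for each job would avoid that. Both jobs run as root, so a comment stating the intended schedule would help.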
@@ -875,20 +816,22 @@ function squid_check_ca_hashes() {
conf_mount_rw();
// create ca-root hashes from ca-root-nss package
log_error("Creating root certificate bundle hashes from the Mozilla Project");
- $cas=file(SQUID_LOCALBASE.'/share/certs/ca-root-nss.crt');
- $cert=0;
+ $cas = file(SQUID_LOCALBASE . '/share/certs/ca-root-nss.crt');
+ $cert = 0;
foreach ($cas as $ca) {
- if (preg_match("/--BEGIN CERTIFICATE--/",$ca))
- $cert=1;
- if ($cert == 1)
- $crt.=$ca;
- if (preg_match("/-END CERTIFICATE-/",$ca)) {
- file_put_contents("/tmp/cert.pem",$crt, LOCK_EX);
- $cert_hash=array();
- exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem",$cert_hash);
- file_put_contents(SQUID_LOCALBASE."/share/certs/".$cert_hash[0].".0",$crt,LOCK_EX);
- $crt="";
- $cert=0;
+ if (preg_match("/--BEGIN CERTIFICATE--/", $ca)) {
+ $cert = 1;
+ }
+ if ($cert == 1) {
+ $crt .= $ca;
+ }
+ if (preg_match("/-END CERTIFICATE-/", $ca)) {
+ file_put_contents("/tmp/cert.pem", $crt, LOCK_EX);
+ $cert_hash = array();
+ exec("/usr/bin/openssl x509 -hash -noout -in /tmp/cert.pem", $cert_hash);
+ file_put_contents(SQUID_LOCALBASE . "/share/certs/" . $cert_hash[0] . ".0", $crt, LOCK_EX);
+ $crt = "";
+ $cert = 0;
}
}
}
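Review bot: Each CA certificate is staged in the fixed, world-writable location `/tmp/cert.pem`, and the `openssl` result is used as a file name without any check. A predictable temp path can be pre-created or symlinked by another local account while this runs with write access to the certs directory. If `openssl` fails, `$cert_hash[0]` is empty and the certificate is written to a file named `.0`. Use a unique temp file, check the exit status and the shape of the hash, and remove the temp file afterwards. `$crt` is also appended to before it is ever initialised, and the function starts and ends outside this hunk.

```php
if (preg_match("/-END CERTIFICATE-/", $ca)) {
	// unique, 0600 temp file instead of the shared /tmp/cert.pem
	$tmp_pem = tempnam("/tmp", "squid_ca_");
	file_put_contents($tmp_pem, $crt, LOCK_EX);
	$cert_hash = array();
	$rc = 1;
	exec("/usr/bin/openssl x509 -hash -noout -in " . escapeshellarg($tmp_pem), $cert_hash, $rc);
	unlink($tmp_pem);
	// only trust output that looks like a subject hash
	if ($rc == 0 && isset($cert_hash[0]) && preg_match('/^[0-9a-f]{8}$/', $cert_hash[0])) {
		file_put_contents(SQUID_LOCALBASE . "/share/certs/" . $cert_hash[0] . ".0", $crt, LOCK_EX);
	}
	// … unchanged: reset of $crt and $cert …
```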
@@ -897,10 +840,11 @@ function squid_check_ca_hashes() {
function squid_resync_general() {
global $g, $config, $valid_acls;
- if (is_array($config['installedpackages']['squid']))
+ if (is_array($config['installedpackages']['squid'])) {
$settings = $config['installedpackages']['squid']['config'][0];
- else
- $settings=array();
+ } else {
+ $settings = array();
+ }
$conf = "# This file is automatically generated by pfSense\n";
$conf .= "# Do not edit manually !\n\n";
@@ -910,31 +854,34 @@ function squid_resync_general() {
$srv_cert = lookup_ca($settings["dca"]);
if ($srv_cert != false) {
if (base64_decode($srv_cert['prv'])) {
- // check if ssl_db was initilized by squid
+ // check if ssl_db was initilized by Squid
if (!file_exists(SQUID_SSL_DB . "/serial")) {
if (is_dir(SQUID_SSL_DB)) {
mwexec("/bin/rm -rf " . SQUID_SSL_DB);
}
- mwexec(SQUID_LOCALBASE."/libexec/squid/ssl_crtd -c -s " . SQUID_SSL_DB);
+ mwexec(SQUID_LOCALBASE . "/libexec/squid/ssl_crtd -c -s " . SQUID_SSL_DB);
}
// force squid user permission on /var/squid/lib/ssl_db/
squid_chown_recursive(SQUID_SSL_DB, SQUID_UID, SQUID_GID);
- // cert, key, version, cipher,options, clientca, cafile, capath, crlfile, dhparams,sslflags, and sslcontext
- $crt_pk=SQUID_CONFBASE."/serverkey.pem";
- $crt_capath=SQUID_LOCALBASE."/share/certs/";
- file_put_contents($crt_pk,base64_decode($srv_cert['prv']).base64_decode($srv_cert['crt']));
- $sslcrtd_children= ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
- $ssl_interception.="ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=".($sslcrtd_children*2)."MB cert={$crt_pk} capath={$crt_capath}\n";
- $interception_checks = "sslcrtd_program ".SQUID_LOCALBASE."/libexec/squid/ssl_crtd -s " . SQUID_SSL_DB . " -M 4MB -b 2048\n";
+ // cert, key, version, cipher, options, clientca, cafile, capath, crlfile, dhparams, sslflags, sslcontext
+ $crt_pk = SQUID_CONFBASE . "/serverkey.pem";
+ $crt_capath = SQUID_LOCALBASE . "/share/certs/";
+ file_put_contents($crt_pk, base64_decode($srv_cert['prv']) . base64_decode($srv_cert['crt']));
+ $sslcrtd_children = ($settings['sslcrtd_children'] ? $settings['sslcrtd_children'] : 5);
+ $ssl_interception .= "ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=" . ($sslcrtd_children*2) . "MB cert={$crt_pk} capath={$crt_capath}\n";
+ $interception_checks = "sslcrtd_program " . SQUID_LOCALBASE . "/libexec/squid/ssl_crtd -s " . SQUID_SSL_DB . " -M 4MB -b 2048\n";
$interception_checks .= "sslcrtd_children {$sslcrtd_children}\n";
$interception_checks .= "sslproxy_capath {$crt_capath}\n";
- if (preg_match("/sslproxy_cert_error/",$settings["interception_checks"]))
- $interception_checks.="sslproxy_cert_error allow all\n";
- if (preg_match("/sslproxy_flags/",$settings["interception_checks"]))
- $interception_checks.="sslproxy_flags DONT_VERIFY_PEER\n";
+ if (preg_match("/sslproxy_cert_error/", $settings["interception_checks"])) {
+ $interception_checks .= "sslproxy_cert_error allow all\n";
+ }
+ if (preg_match("/sslproxy_flags/", $settings["interception_checks"])) {
+ $interception_checks .= "sslproxy_flags DONT_VERIFY_PEER\n";
+ }
if ($settings["interception_adapt"] != "") {
- foreach (explode(",",$settings["interception_adapt"]) as $adapt)
- $interception_checks.="sslproxy_cert_adapt {$adapt} all\n";
+ foreach (explode(",", $settings["interception_adapt"]) as $adapt) {
+ $interception_checks .= "sslproxy_cert_adapt {$adapt} all\n";
+ }
}
}
}
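Review bot: `file_put_contents($crt_pk, ...)` writes the CA private key together with the certificate to `serverkey.pem` without setting a mode, so the file gets whatever the process umask allows. Since this key signs the certificates generated for intercepted hosts, it should be readable only by the account Squid reads it as. Nothing in this hunk restricts it; unless that happens later in the function (outside the hunk), create the file restricted before writing: `touch($crt_pk); chmod($crt_pk, 0600); chown($crt_pk, SQUID_UID);`. A short comment next to the `sslproxy_cert_error allow all` and `sslproxy_flags DONT_VERIFY_PEER` lines, stating that they disable upstream certificate verification, would also help.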
@@ -945,47 +892,51 @@ function squid_resync_general() {
// Read assigned interfaces
$real_ifaces = array();
- if ($settings['active_interface'])
+ if ($settings['active_interface']) {
$proxy_ifaces = explode(",", $settings['active_interface']);
- else
- $proxy_ifaces=array("lan");
+ } else {
+ $proxy_ifaces = array("lan");
+ }
- if ($settings['transparent_proxy']=="on") {
+ if ($settings['transparent_proxy'] == "on") {
$transparent_ifaces = explode(",", $settings['transparent_active_interface']);
foreach ($transparent_ifaces as $t_iface) {
$t_iface_ip = squid_get_real_interface_address($t_iface);
- if ($t_iface_ip[0])
- $real_ifaces[]=$t_iface_ip;
+ if ($t_iface_ip[0]) {
+ $real_ifaces[] = $t_iface_ip;
+ }
}
} else {
- $transparent_ifaces=array();
+ $transparent_ifaces = array();
}
- if ($settings['ssl_proxy']=="on") {
+ if ($settings['ssl_proxy'] == "on") {
$ssl_ifaces = explode(",", $settings['ssl_active_interface']);
foreach ($ssl_ifaces as $s_iface) {
$s_iface_ip = squid_get_real_interface_address($s_iface);
- if ($s_iface_ip[0])
+ if ($s_iface_ip[0]) {
$real_ifaces[]=$s_iface_ip;
+ }
}
} else {
- $ssl_ifaces=array();
+ $ssl_ifaces = array();
}
// check all proxy interfaces selected
foreach ($proxy_ifaces as $iface) {
$iface_ip = squid_get_real_interface_address($iface);
if ($iface_ip[0]) {
- $real_ifaces[]=$iface_ip;
- if (in_array($iface,$ssl_ifaces))
+ $real_ifaces[] = $iface_ip;
+ if (in_array($iface,$ssl_ifaces)) {
$conf .= "http_port {$iface_ip[0]}:{$port} {$ssl_interception}\n";
- else
+ } else {
$conf .= "http_port {$iface_ip[0]}:{$port}\n";
+ }
}
}
if (($settings['transparent_proxy'] == 'on')) {
- if ($settings['ssl_proxy'] == "on" && count($ssl_ifaces)>0) {
+ if ($settings['ssl_proxy'] == "on" && count($ssl_ifaces) > 0) {
$conf .= "http_port 127.0.0.1:{$port} intercept {$ssl_interception}\n";
$conf .= "https_port 127.0.0.1:{$ssl_port} intercept {$ssl_interception}\n";
} else {
@@ -993,11 +944,11 @@ function squid_resync_general() {
}
}
$icp_port = ($settings['icp_port'] ? $settings['icp_port'] : 0);
- $dns_v4_first= ($settings['dns_v4_first'] == "on" ? "on" : "off" );
- $piddir="{$g['varrun_path']}/squid";
+ $dns_v4_first = ($settings['dns_v4_first'] == "on" ? "on" : "off" );
+ $piddir = "{$g['varrun_path']}/squid";
$pidfile = "{$piddir}/squid.pid";
if (!is_dir($piddir)) {
- @mkdir($piddir, 0755, true);
+ safe_mkdir($piddir, 0755);
squid_chown_recursive($piddir, SQUID_UID, 'wheel');
}
$language = ($settings['error_language'] ? $settings['error_language'] : 'en');
@@ -1007,13 +958,13 @@ function squid_resync_general() {
$logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
if (!is_dir($logdir)) {
- @mkdir($logdir, 0755, true);
+ safe_mkdir($logdir, 0755);
squid_chown_recursive($logdir, SQUID_UID, SQUID_GID);
}
$logdir_cache = $logdir . '/cache.log';
$logdir_access = ($settings['log_enabled'] == 'on' ? $logdir . '/access.log' : '/dev/null');
- $pinger_helper = ($settings['disable_pinger']) =='on' ? 'off' : 'on';
- $pinger_program=SQUID_LOCALBASE."/libexec/squid/pinger";
+ $pinger_helper = ($settings['disable_pinger']) == 'on' ? 'off' : 'on';
+ $pinger_program = SQUID_LOCALBASE . "/libexec/squid/pinger";
$squid_uid = SQUID_UID;
$squid_gid = SQUID_GID;
@@ -1055,35 +1006,42 @@ EOD;
list($ip, $mask) = $iface;
$ip = long2ip(ip2long($ip) & ip2long($mask));
$mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
- if (!preg_match("@$ip/$mask@",$src))
+ if (!preg_match("@$ip/$mask@", $src)) {
$src .= " $ip/$mask";
+ }
}
$conf .= "# Allow local network(s) on interface(s)\n";
$conf .= "acl localnet src $src\n";
$valid_acls[] = 'localnet';
}
- if ($settings['xforward_mode'])
+ if ($settings['xforward_mode']) {
$conf .= "forwarded_for {$settings['xforward_mode']}\n";
- else
- $conf .= "forwarded_for on\n"; //only used for first run
+ } else {
+ // only used for first run
+ $conf .= "forwarded_for on\n";
+ }
- if ($settings['disable_via'])
+ if ($settings['disable_via']) {
$conf .= "via off\n";
+ }
- if ($settings['disable_squidversion'])
+ if ($settings['disable_squidversion']) {
$conf .= "httpd_suppress_version_string on\n";
+ }
- if (!empty($settings['uri_whitespace']))
+ if (!empty($settings['uri_whitespace'])) {
$conf .= "uri_whitespace {$settings['uri_whitespace']}\n";
- else
- $conf .= "uri_whitespace strip\n"; //only used for first run
+ } else {
+ // only used for first run
+ $conf .= "uri_whitespace strip\n";
+ }
if (!empty($settings['dns_nameservers'])) {
$altdns = explode(";", ($settings['dns_nameservers']));
$conf .= "dns_nameservers ";
foreach ($altdns as $dnssrv) {
- $conf .= $dnssrv." ";
+ $conf .= $dnssrv . " ";
}
}
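Review bot: The duplicate check `preg_match("@$ip/$mask@", $src)` uses the address as an unescaped, unanchored pattern, so every `.` matches any character and the pattern can match inside a longer entry. For example, `10.0.0.0/8` is considered present once `110.0.0.0/8` is in `$src`. A subnet can therefore be left out of the `localnet` ACL. An exact comparison avoids the regex altogether: `if (!in_array("$ip/$mask", explode(" ", $src))) {`. The loop and the initial value of `$src` are outside this hunk, so confirm the separator is always a single space.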
@@ -1093,19 +1051,20 @@ EOD;
function squid_resync_cache() {
global $config, $g;
- if (is_array($config['installedpackages']['squidcache']))
+ if (is_array($config['installedpackages']['squidcache'])) {
$settings = $config['installedpackages']['squidcache']['config'][0];
- else
+ } else {
$settings = array();
+ }
- //apply cache settings
- $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
+ // apply cache settings
+ $cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
$disk_cache_size = ($settings['harddisk_cache_size'] ? $settings['harddisk_cache_size'] : 100);
$level1 = ($settings['level1_subdirs'] ? $settings['level1_subdirs'] : 16);
- $memory_cache_size = ($settings['memory_cache_size'] ? $settings['memory_cache_size'] : 8);
- $max_objsize = ($settings['maximum_object_size'] ? $settings['maximum_object_size']." KB" : "10 KB");
+ $memory_cache_size = ($settings['memory_cache_size'] ? $settings['memory_cache_size'] : 64);
+ $max_objsize = ($settings['maximum_object_size'] ? $settings['maximum_object_size'] . " MB" : "4 MB");
$min_objsize = ($settings['minimum_object_size'] ? $settings['minimum_object_size'] : 0);
- $max_objsize_in_mem = ($settings['maximum_objsize_in_mem'] ? $settings['maximum_objsize_in_mem'] : 32);
+ $max_objsize_in_mem = ($settings['maximum_objsize_in_mem'] ? $settings['maximum_objsize_in_mem'] : 256);
$cache_policy = ($settings['cache_replacement_policy'] ? $settings['cache_replacement_policy'] : 'heap LFUDA');
$memory_policy = ($settings['memory_replacement_policy'] ? $settings['memory_replacement_policy'] : 'heap GDSF');
$offline_mode = ($settings['enable_offline'] == 'on' ? 'on' : 'off');
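Review bot: `maximum_object_size` changes unit from KB to MB while still reading the same stored `$settings['maximum_object_size']`, so a value saved under the old package is now written to squid.conf as 1024 times larger. The defaults for `memory_cache_size` and `maximum_objsize_in_mem` change at the same time. If no upgrade step converts saved values (none is visible in this hunk), this function should convert them or at least document the change, for example `// NOTE: maximum_object_size is stored in MB since this version; older configs stored KB`. The rest of `squid_resync_cache()` lies outside the hunk.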
@@ -1121,14 +1080,15 @@ function squid_resync_cache() {
}
// 'null' storage type dropped. In-memory cache is always present. Remove all cache_dir options to prevent on-disk caching.
if ($disk_cache_system != "null") {
- $disk_cache_opts = "cache_dir {$disk_cache_system} {$cachedir} {$disk_cache_size} {$level1} 256";
+ $disk_cache_opts = "cache_dir {$disk_cache_system} {$cachedir} {$disk_cache_size} {$level1} 256";
}
- //check dynamic content
+ // check dynamic content
if (empty($settings['cache_dynamic_content'])) {
- $conf.='acl dynamic urlpath_regex cgi-bin \?'."\n";
- $conf.="cache deny dynamic\n";
- } else if (preg_match('/youtube/',$settings['refresh_patterns'])) {
- $conf.=<<< EOC
+ $conf .= 'acl dynamic urlpath_regex cgi-bin \?' . "\n";
+ $conf .= "cache deny dynamic\n";
+ } elseif (preg_match('/youtube/', $settings['refresh_patterns'])) {
+// Broken (Bug #3847) and not working (http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube#Discussion)
+/* $conf .= <<< EOC
# Break HTTP standard for flash videos. Keep them in cache even if asked not to.
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
@@ -1137,9 +1097,10 @@ acl youtube dstdomain .youtube.com
cache allow youtube
EOC;
+*/
}
- if (preg_match('/windows/',$settings['refresh_patterns'])) {
- $conf.=<<< EOC
+ if (preg_match('/windows/', $settings['refresh_patterns'])) {
+ $conf .= <<< EOC
# Windows Update refresh_pattern
range_offset_limit -1
@@ -1150,8 +1111,8 @@ refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320
EOC;
}
- if (preg_match('/symantec/',$settings['refresh_patterns'])) {
- $conf.=<<< EOC
+ if (preg_match('/symantec/', $settings['refresh_patterns'])) {
+ $conf .= <<< EOC
# Symantec refresh_pattern
range_offset_limit -1
@@ -1160,8 +1121,8 @@ refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 re
EOC;
}
- if (preg_match('/avast/',$settings['refresh_patterns'])) {
- $conf.=<<< EOC
+ if (preg_match('/avast/', $settings['refresh_patterns'])) {
+ $conf .= <<< EOC
# Avast refresh_pattern
range_offset_limit -1
@@ -1169,7 +1130,7 @@ refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-i
EOC;
}
- if (preg_match('/avira/',$settings['refresh_patterns'])) {
+ if (preg_match('/avira/', $settings['refresh_patterns'])) {
$conf.=<<< EOC
# Avira refresh_pattern
@@ -1178,7 +1139,7 @@ refresh_pattern personal.avira-update.com/.*\.(cab|exe|dll|msi|gz) 10080 100% 43
EOC;
}
- $refresh_conf=<<< EOC
+ $refresh_conf = <<< EOC
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
@@ -1188,32 +1149,36 @@ refresh_pattern . 0 20% 4320
EOC;
- if ($settings['custom_refresh_patterns'] !="")
- $conf .= sq_text_area_decode($settings['custom_refresh_patterns'])."\n";
+ if ($settings['custom_refresh_patterns'] != "") {
+ $conf .= sq_text_area_decode($settings['custom_refresh_patterns']) . "\n";
+ }
$conf .= <<< EOD
-cache_mem $memory_cache_size MB
+cache_mem {$memory_cache_size} MB
maximum_object_size_in_memory {$max_objsize_in_mem} KB
memory_replacement_policy {$memory_policy}
cache_replacement_policy {$cache_policy}
-$disk_cache_opts
minimum_object_size {$min_objsize} KB
maximum_object_size {$max_objsize}
+{$disk_cache_opts}
offline_mode {$offline_mode}
EOD;
- if (!empty($settings['cache_swap_low'])) $conf .= "cache_swap_low {$settings['cache_swap_low']}\n";
- if (!empty($settings['cache_swap_high'])) $conf .= "cache_swap_high {$settings['cache_swap_high']}\n";
+ if (!empty($settings['cache_swap_low'])) {
+ $conf .= "cache_swap_low {$settings['cache_swap_low']}\n";
+ }
+ if (!empty($settings['cache_swap_high'])) {
+ $conf .= "cache_swap_high {$settings['cache_swap_high']}\n";
+ }
$donotcache = sq_text_area_decode($settings['donotcache']);
if (!empty($donotcache)) {
file_put_contents(SQUID_ACLDIR . '/donotcache.acl', $donotcache);
$conf .= 'acl donotcache dstdomain "' . SQUID_ACLDIR . "/donotcache.acl\"\n";
$conf .= "cache deny donotcache\n";
- }
- elseif (file_exists(SQUID_ACLDIR . '/donotcache.acl')) {
+ } elseif (file_exists(SQUID_ACLDIR . '/donotcache.acl')) {
unlink(SQUID_ACLDIR . '/donotcache.acl');
}
$conf .= "cache allow all\n";
@@ -1224,17 +1189,19 @@ EOD;
function squid_resync_upstream() {
global $config;
- if (!is_array($config['installedpackages']['squidremote']['config']))
+ if (!is_array($config['installedpackages']['squidremote']['config'])) {
$config['installedpackages']['squidremote']['config'] = array();
+ }
$conf = "\n#Remote proxies\n";
foreach ($config['installedpackages']['squidremote']['config'] as $settings) {
if ($settings['enable'] == 'on') {
$conf .= "cache_peer {$settings['proxyaddr']} {$settings['hierarchy']} {$settings['proxyport']} ";
- if ($settings['icpport'] == '7')
+ if ($settings['icpport'] == '7') {
$conf .= "{$settings['icpport']} {$settings['icpoptions']} {$settings['peermethod']} {$settings['allowmiss']} ";
- else
+ } else {
$conf .= "{$settings['icpport']} ";
+ }
// auth settings
if (!empty($settings['username']) && !empty($settings['password'])) {
$conf .= " login={$settings['username']}:{$settings['password']}";
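Review bot: `username` and `password` are interpolated unquoted into the whitespace-delimited `cache_peer` line, so a value containing a space or a line break ends `login=` early and the remainder is parsed as further options or as a new directive. Nothing in this hunk restricts those characters. If the form validator (not visible here) does not restrict them either, reject whitespace there, or skip the peer here with a `log_error()` call. The same applies to `proxyaddr`, `hierarchy` and the other `$settings[...]` values on this line. The upstream credential also ends up in clear text in squid.conf, so that file's mode and ownership matter; a comment saying so would help.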
@@ -1242,14 +1209,18 @@ function squid_resync_upstream() {
$conf .= "{$settings['authoption']} ";
}
// other options settings
- if (!empty($settings['weight']))
+ if (!empty($settings['weight'])) {
$conf .= "weight={$settings['weight']} ";
- if (!empty($settings['basetime']))
+ }
+ if (!empty($settings['basetime'])) {
$conf .= "basetime={$settings['basetime']} ";
- if (!empty($settings['ttl']))
+ }
+ if (!empty($settings['ttl'])) {
$conf .= "ttl={$settings['ttl']} ";
- if (!empty($settings['nodelay']))
+ }
+ if (!empty($settings['nodelay'])) {
$conf .= "no-delay";
+ }
}
$conf .= "\n";
}
@@ -1261,7 +1232,8 @@ function squid_resync_redirector() {
// XXX: What port provide squirm binary? It's not present
$httpav_enabled = ($config['installedpackages']['clamav']['config'][0]['scan_http'] == 'on');
- if ($httpav_enabled) {
+ $redirector = "/usr/local/bin/squirm";
+ if (($httpav_enabled) && is_executable($redirector)) {
$conf = "url_rewrite_program /usr/local/bin/squirm\n";
} else {
$conf = "# No redirector configured\n";
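Review bot: The new `$redirector` variable is used for the `is_executable()` check, but the configuration line still hard-codes the same path, so the two can drift apart if one is edited. Use the variable in both places: `$conf = "url_rewrite_program {$redirector}\n";`. The function's opening lines are outside this hunk.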
@@ -1273,10 +1245,11 @@ function squid_resync_nac() {
global $config, $valid_acls;
$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
- if (is_array($config['installedpackages']['squidnac']))
+ if (is_array($config['installedpackages']['squidnac'])) {
$settings = $config['installedpackages']['squidnac']['config'][0];
- else
+ } else {
$settings = array();
+ }
$webgui_port = $config['system']['webgui']['port'];
$addtl_ports = $settings['addtl_ports'];
$addtl_sslports = $settings['addtl_sslports'];
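Review bot: In `squid_resync_nac()`, `$port` is computed from `$settings['proxy_port']` before `$settings` is assigned, so it always falls back to 3128 and raises an undefined-variable notice. Even after the assignment, `$settings` holds the `squidnac` section, whereas the proxy port presumably lives in the general `squid` section, as in `squid_resync_general()`. If `$port` ends up in the safe-ports ACL built later in this function (outside the hunk), a non-default proxy port would be missing from it. Read it from the general settings explicitly: `$port = ($config['installedpackages']['squid']['config'][0]['proxy_port'] ? $config['installedpackages']['squid']['config'][0]['proxy_port'] : 3128);`.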
@@ -1303,7 +1276,7 @@ acl HTTPS proto HTTPS
EOD;
- $allowed_subnets = preg_replace("/\s+/"," ",sq_text_area_decode($settings['allowed_subnets']));
+ $allowed_subnets = preg_replace("/\s+/"," ", sq_text_area_decode($settings['allowed_subnets']));
if (!empty($allowed_subnets)) {
$conf .= "acl allowed_subnets src $allowed_subnets\n";
$valid_acls[] = 'allowed_subnets';
@@ -1324,8 +1297,7 @@ EOD;
file_put_contents(SQUID_ACLDIR . "/$option.acl", $contents);
$conf .= "acl $option $directive \"" . SQUID_ACLDIR . "/$option.acl\"\n";
$valid_acls[] = $option;
- }
- elseif (file_exists(SQUID_ACLDIR . "/$option.acl")) {
+ } elseif (file_exists(SQUID_ACLDIR . "/$option.acl")) {
unlink(SQUID_ACLDIR . "/$option.acl");
}
}
@@ -1373,27 +1345,26 @@ function squid_resync_antivirus() {
else
$antivirus_config = array();
- if ($antivirus_config['enable']=="on") {
+ if ($antivirus_config['enable'] == "on") {
switch ($antivirus_config['client_info']) {
- case "both":
- $icap_send_client_ip="on";
- $icap_send_client_username="on";
- break;
- case "IP":
- $icap_send_client_ip="on";
- $icap_send_client_username="off";
- break;
- case "username":
- $icap_send_client_ip="off";
- $icap_send_client_username="on";
- break;
- case "none":
- $icap_send_client_ip="off";
- $icap_send_client_username="off";
- break;
+ case "both":
+ default:
+ $icap_send_client_ip = "on";
+ $icap_send_client_username = "on";
+ break;
+ case "ip":
+ $icap_send_client_ip = "on";
+ $icap_send_client_username = "off";
+ break;
+ case "username":
+ $icap_send_client_ip = "off";
+ $icap_send_client_username = "on";
+ break;
+ case "none":
+ $icap_send_client_ip = "off";
+ $icap_send_client_username = "off";
+ break;
}
- if (is_array($config['installedpackages']['squid']))
- $squid_config=$config['installedpackages']['squid']['config'][0];
$conf = <<< EOF
icap_enable on
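Review bot: Renaming `case "IP"` to `case "ip"` while adding `default:` to the `"both"` branch means a configuration saved with the old value `IP` now falls through to the default. It then sends the client username to the ICAP service as well, which is more than the administrator selected. Unless the option value is migrated elsewhere in this commit (not visible in this hunk), accept both spellings with `switch (strtolower($antivirus_config['client_info'])) {`. It is also worth considering `"none"` as the fallback for unknown values, so that an unexpected setting discloses less rather than more. The function starts before this hunk and the heredoc continues after it.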
@@ -1412,66 +1383,84 @@ adaptation_access service_avi_resp allow all
EOF;
// check if icap is enabled on rc.conf.local
+ // XXX: This whole thing sucks and should be redone to install/enable services in pfSense way
if (file_exists("/etc/rc.conf.local")) {
- $rc_old_file=file("/etc/rc.conf.local");
+ $rc_old_file = file("/etc/rc.conf.local");
foreach ($rc_old_file as $rc_line) {
- if (preg_match("/^(c_icap_enable|clamav_clamd_enable)/",$rc_line,$matches)) {
- $rc_file.=$matches[1].'="YES"'."\n";
- ${$matches[1]}="ok";
+ if (preg_match("/^(c_icap_enable|clamav_clamd_enable)/", $rc_line, $matches)) {
+ $rc_file .= $matches[1] . '="YES"' . "\n";
+ ${$matches[1]} = "ok";
+ } else {
+ $rc_file .= $rc_line;
}
- else
- $rc_file.=$rc_line;
}
}
- if (!isset($c_icap_enable))
- $rc_file.='c_icap_enable="YES"'."\n";
- if (!isset($clamav_clamd_enable))
- $rc_file.='clamav_clamd_enable="YES"'."\n";
- file_put_contents("/etc/rc.conf.local",$rc_file,LOCK_EX);
+ if (!isset($c_icap_enable)) {
+ $rc_file .= 'c_icap_enable="YES"' . "\n";
+ }
+ if (!isset($clamav_clamd_enable)) {
+ $rc_file .= 'clamav_clamd_enable="YES"' . "\n";
+ }
+ file_put_contents("/etc/rc.conf.local", $rc_file, LOCK_EX);
squid_check_clamav_user('clamav');
// patch sample files to pfsense dirs
// squidclamav.conf
- if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")) {
- if (file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default")) {
- $sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.default");
- $clamav_m[0]="@/var/run/clamav/clamd.ctl@";
- $clamav_m[1]="@cgi-bin/clwarn.cgi@";
- $clamav_r[0]="/var/run/clamav/clamd.sock";
- $clamav_r[1]="squid_clwarn.php";
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample",preg_replace($clamav_m,$clamav_r,$sample_file),LOCK_EX);
+ if (!file_exists(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.sample")) {
+ if (file_exists(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.default")) {
+ $sample_file = file_get_contents(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.default");
+ $clamav_m[0] = "@/var/run/clamav/clamd.ctl@";
+ $clamav_m[1] = "@cgi-bin/clwarn.cgi@";
+ $clamav_r[0] = "/var/run/clamav/clamd.sock";
+ $clamav_r[1] = "squid_clwarn.php";
+ file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.sample", preg_replace($clamav_m, $clamav_r, $sample_file), LOCK_EX);
}
}
// c-icap.conf
- if (!file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")) {
- if (file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default")) {
- $sample_file=file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.default");
- if (!preg_match("/squid_clamav/",$sample_file))
- $sample_file.="\nService squid_clamav squidclamav.so\n";
- $cicap_m[0]="@Manager:Apassword\S+@";
- $cicap_r[0]="";
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample",preg_replace($cicap_m,$cicap_r,$sample_file),LOCK_EX);
+ // make a backup of default c-icap.conf.sample first
+ // unlike with other config files, the file distributed in package is called c-icap.conf.sample, not c-icap.conf.default
+ if (!file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default")) {
+ copy(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample", SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default");
+ }
+ if (file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default")) {
+ $sample_file = file_get_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.default");
+ if (!preg_match("/squid_clamav/", $sample_file)) {
+ $sample_file .= "\nService squid_clamav squidclamav.so\n";
}
- }
- //check squidclamav files until pbis are gone(https://redmine.pfsense.org/issues/4197)
- $ln_icap= array('bin/c-icap','bin/c-icap-client','c-icap-config','c-icap-libicapapi-config','c-icap-stretch','lib/c_icap','share/c_icap','etc/c-icap');
+ $cicap_m[0] = "@Manager:Apassword\S+@";
+ $cicap_r[0] = "";
+ // XXX: Bug #4615
+ $logdir = ($settings['log_dir'] ? $settings['log_dir'] : '/var/squid/logs');
+ $cicap_m[1] = "@DebugLevel\s1@";
+ $cicap_r[1] = "DebugLevel 0";
+ $cicap_m[2] = "@AccessLog /var/log/c-icap/access.log@";
+ $cicap_r[2] = "AccessLog $logdir/c-icap-access.log";
+ $cicap_m[3] = "@ServerLog /var/log/c-icap/server.log@";
+ $cicap_r[3] = "ServerLog $logdir/c-icap-server.log";
+ file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample", preg_replace($cicap_m, $cicap_r, $sample_file), LOCK_EX);
+ }
+
+ // check squidclamav files until PBIs are gone (https://redmine.pfsense.org/issues/4197)
+ $ln_icap = array('bin/c-icap', 'bin/c-icap-client', 'c-icap-config', 'c-icap-libicapapi-config', 'c-icap-stretch', 'lib/c_icap', 'share/c_icap', 'etc/c-icap');
foreach ($ln_icap as $ln) {
- if (!file_exists("/usr/local/{$ln}") && file_exists(SQUID_LOCALBASE."/{$ln}"))
- symlink(SQUID_LOCALBASE."/{$ln}","/usr/local/{$ln}");
+ if (SQUID_LOCALBASE != '/usr/local' && !file_exists("/usr/local/{$ln}") && file_exists(SQUID_LOCALBASE . "/{$ln}")) {
+ symlink(SQUID_LOCALBASE . "/{$ln}", "/usr/local/{$ln}");
+ }
+ }
+ if (SQUID_LOCALBASE != '/usr/local' && !file_exists("/usr/local/lib/libicapapi.so.3") && file_exists(SQUID_LOCALBASE . "/lib/libicapapi.so.3.0.5")) {
+ symlink(SQUID_LOCALBASE . "/lib/libicapapi.so.3.0.5", "/usr/local/lib/libicapapi.so.3");
}
- if (!file_exists("/usr/local/lib/libicapapi.so.3") && file_exists(SQUID_LOCALBASE."/lib/libicapapi.so.3.0.5"))
- symlink(SQUID_LOCALBASE."/lib/libicapapi.so.3.0.5","/usr/local/lib/libicapapi.so.3");
- $loadsample=0;
- if ($antivirus_config['squidclamav'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")) {
- $config['installedpackages']['squidantivirus']['config'][0]['squidclamav']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf.sample")));
+ $loadsample = 0;
+ if ($antivirus_config['squidclamav'] == "" && file_exists(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.sample")) {
+ $config['installedpackages']['squidantivirus']['config'][0]['squidclamav'] = base64_encode(str_replace("\r", "", file_get_contents(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf.sample")));
$loadsample++;
}
- if ($antivirus_config['c-icap_conf'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")) {
- $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf.sample")));
+ if ($antivirus_config['c-icap_conf'] == "" && file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample")) {
+ $config['installedpackages']['squidantivirus']['config'][0]['c-icap_conf'] = base64_encode(str_replace("\r", "", file_get_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf.sample")));
$loadsample++;
}
- if ($antivirus_config['c-icap_magic'] =="" && file_exists(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.sample")) {
- $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic']=base64_encode(str_replace( "\r", "",file_get_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic.sample")));
+ if ($antivirus_config['c-icap_magic'] == "" && file_exists(SQUID_LOCALBASE . "/etc/c-icap/c-icap.magic.sample")) {
+ $config['installedpackages']['squidantivirus']['config'][0]['c-icap_magic'] = base64_encode(str_replace("\r", "", file_get_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.magic.sample")));
$loadsample++;
}
if ($loadsample > 0) {
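Review bot: The `$logdir` value added under `// XXX: Bug #4615` is spliced into `preg_replace()` replacement strings, where `$1`- or `\1`-style sequences are read as backreferences, and it reaches c-icap.conf without any check that it is a plain absolute path. Both log-path patterns are literal, so `str_replace()` is enough, e.g. `$sample_file = str_replace("AccessLog /var/log/c-icap/access.log", "AccessLog {$logdir}/c-icap-access.log", $sample_file);` and the same for `ServerLog`. The hunk does not show where `$settings` is assigned in this function, and the `$squid_config` lookup is removed just before it, so please confirm `$settings['log_dir']` is populated here rather than always falling back to `/var/squid/logs`. The enclosing function starts outside this hunk.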
@@ -1487,24 +1476,25 @@ EOF;
"/var/db/clamav" => "clamav"
);
foreach ($dirs as $dir_path => $dir_user) {
- if (!is_dir($dir_path))
- @mkdir($dir_path, 0755, true);
+ safe_mkdir($dir_path, 0755);
squid_chown_recursive($dir_path, $dir_user, "wheel");
}
// Check clamav database
- if (count(glob("/var/db/clamav/*d"))==0) {
- log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam on background.");
- mwexec_bg(SQUID_BASE."/bin/freshclam");
+ if (count(glob("/var/db/clamav/*d")) == 0) {
+ log_error("Squid - Missing /var/db/clamav/*.cvd or *.cld files. Running freshclam in background.");
+ mwexec_bg(SQUID_BASE . "/bin/freshclam");
}
$rcd_files = scandir(SQUID_LOCALBASE."/etc/rc.d");
- foreach ($rcd_files as $rcd_file)
- if (!file_exists("/usr/local/etc/rc.d/{$rcd_file}"))
- symlink (SQUID_LOCALBASE."/etc/rc.d/{$rcd_file}","/usr/local/etc/rc.d/{$rcd_file}");
+ foreach ($rcd_files as $rcd_file) {
+ if (SQUID_LOCALBASE != '/usr/local' && !file_exists("/usr/local/etc/rc.d/{$rcd_file}")) {
+ symlink(SQUID_LOCALBASE . "/etc/rc.d/{$rcd_file}", "/usr/local/etc/rc.d/{$rcd_file}");
+ }
+ }
// write advanced icap config files
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/squidclamav.conf",base64_decode($antivirus_config['squidclamav']),LOCK_EX);
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.conf",base64_decode($antivirus_config['c-icap_conf']),LOCK_EX);
- file_put_contents(SQUID_LOCALBASE."/etc/c-icap/c-icap.magic",base64_decode($antivirus_config['c-icap_magic']),LOCK_EX);
+ file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/squidclamav.conf", base64_decode($antivirus_config['squidclamav']), LOCK_EX);
+ file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.conf", base64_decode($antivirus_config['c-icap_conf']), LOCK_EX);
+ file_put_contents(SQUID_LOCALBASE . "/etc/c-icap/c-icap.magic", base64_decode($antivirus_config['c-icap_magic']), LOCK_EX);
// check antivirus daemons
// check icap
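Review bot: `scandir(SQUID_LOCALBASE."/etc/rc.d")` is still called unconditionally and its result is iterated unchecked, so a missing directory gives `false` and a `foreach` warning. The `SQUID_LOCALBASE != '/usr/local'` test is also loop-invariant but is evaluated for every entry. Hoisting the guard states the intent once: `if (SQUID_LOCALBASE != '/usr/local' && is_dir(SQUID_LOCALBASE . "/etc/rc.d")) {` around the `scandir()` call and the loop. Every entry found is linked into `/usr/local/etc/rc.d`, so a comment saying the source directory is expected to hold only package-owned startup scripts would document that assumption. The enclosing function starts and ends outside this hunk.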
@@ -1512,38 +1502,39 @@ EOF;
mwexec_bg('/bin/echo -n "reconfigure" > /var/run/c-icap/c-icap.ctl');
} else {
// check c-icap user on startup file
- $c_icap_rcfile="/usr/local/etc/rc.d/c-icap";
+ $c_icap_rcfile = "/usr/local/etc/rc.d/c-icap";
if (file_exists($c_icap_rcfile)) {
- $sample_file=file_get_contents($c_icap_rcfile);
- $cicapm[0]="@c_icap_user=.*}@";
- $cicapr[0]='c_icap_user="clamav"}';
- $cicapm[1]="@/usr/local@";
- $cicapr[1]=SQUID_LOCALBASE;
- file_put_contents($c_icap_rcfile,preg_replace($cicapm,$cicapr,$sample_file),LOCK_EX);
+ $sample_file = file_get_contents($c_icap_rcfile);
+ $cicapm[0] = "@c_icap_user=.*}@";
+ $cicapr[0] = 'c_icap_user="clamav"}';
+ $cicapm[1] = "@/usr/local@";
+ $cicapr[1] = SQUID_LOCALBASE;
+ file_put_contents($c_icap_rcfile, preg_replace($cicapm, $cicapr, $sample_file), LOCK_EX);
}
mwexec_bg("/usr/local/etc/rc.d/c-icap start");
}
// check clamav/freshclam
- $rc_files=array("clamav-freshclam","clamav-clamd");
- $clamm[0]="@/usr/local/(bin|sbin)@";
- $clamm[1]="@/local/(bin|sbin)@";
- $clamm[2]="@/usr/local/etc@";
- $clamm[3]="@enable:=NO@";
- $clamr[0]=SQUID_BASE."/bin";
- $clamr[1]="/bin";
- $clamr[2]=SQUID_LOCALBASE."/etc";
- $clamr[3]="enable:=YES";
+ $rc_files = array("clamav-freshclam", "clamav-clamd");
+ $clamm[0] = "@/usr/local/(bin|sbin)@";
+ $clamm[1] = "@/local/(bin|sbin)@";
+ $clamm[2] = "@/usr/local/etc@";
+ $clamm[3] = "@enable:=NO@";
+ $clamr[0] = SQUID_BASE . "/bin";
+ $clamr[1] = "/bin";
+ $clamr[2] = SQUID_LOCALBASE . "/etc";
+ $clamr[3] = "enable:=YES";
foreach ($rc_files as $rc_file) {
- $clamav_rcfile="/usr/local/etc/rc.d/{$rc_file}";
+ $clamav_rcfile = "/usr/local/etc/rc.d/{$rc_file}";
if (file_exists($clamav_rcfile)) {
- $sample_file=file_get_contents($clamav_rcfile);
- file_put_contents($clamav_rcfile,preg_replace($clamm,$clamr,$sample_file),LOCK_EX);
+ $sample_file = file_get_contents($clamav_rcfile);
+ file_put_contents($clamav_rcfile, preg_replace($clamm, $clamr, $sample_file), LOCK_EX);
}
}
- if (is_process_running("clamd"))
+ if (is_process_running("clamd")) {
mwexec_bg("/usr/local/etc/rc.d/clamav-clamd reload");
- else
+ } else {
mwexec_bg("/usr/local/etc/rc.d/clamav-clamd start");
+ }
}
return $conf;
}
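Review bot: The rc.d rewrites in this hunk are not covered by the `SQUID_LOCALBASE != '/usr/local'` guard that this commit adds to the symlink code, so `/usr/local/etc/rc.d/c-icap`, `clamav-freshclam` and `clamav-clamd` are still rewritten in place on every resync and then started via `mwexec_bg()`. `preg_replace()` applies the patterns in order, so `@/local/(bin|sbin)@` also runs over the output of the first pattern. If `SQUID_BASE` can itself be `/usr/local` (its value is not visible here), `/usr/local/sbin/...` would presumably end up as `/usr/bin/...`. I would wrap both rewrite blocks in `if (SQUID_LOCALBASE != '/usr/local') {` and add a comment naming the install layout they exist for. The function body begins outside this hunk.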
@@ -1551,40 +1542,48 @@ EOF;
function squid_resync_traffic() {
global $config, $valid_acls;
- if (!is_array($valid_acls))
+ if (!is_array($valid_acls)) {
return;
- if (is_array($config['installedpackages']['squidtraffic']))
+ }
+ if (is_array($config['installedpackages']['squidtraffic'])) {
$settings = $config['installedpackages']['squidtraffic']['config'][0];
- else
+ } else {
$settings = array();
+ }
$conf = '';
- if (!empty($settings['quick_abort_min']) || ($settings['quick_abort_min']) == "0")
+ if (!empty($settings['quick_abort_min']) || ($settings['quick_abort_min']) == "0") {
$conf .= "quick_abort_min {$settings['quick_abort_min']} KB\n";
- if (!empty($settings['quick_abort_max']) || ($settings['quick_abort_max']) == "0")
+ }
+ if (!empty($settings['quick_abort_max']) || ($settings['quick_abort_max']) == "0") {
$conf .= "quick_abort_max {$settings['quick_abort_max']} KB\n";
- if (!empty($settings['quick_abort_pct']))
+ }
+ if (!empty($settings['quick_abort_pct'])) {
$conf .= "quick_abort_pct {$settings['quick_abort_pct']}\n";
+ }
$up_limit = ($settings['max_upload_size'] ? $settings['max_upload_size'] : 0);
$down_limit = ($settings['max_download_size'] ? $settings['max_download_size'] : 0);
$conf .= "request_body_max_size $up_limit KB\n";
- if ($down_limit != 0)
+ if ($down_limit != 0) {
$conf .= 'reply_body_max_size ' . $down_limit . " KB allsrc \n";
+ }
// Only apply throttling past 10MB
// XXX: Should this really be hardcoded?
$threshold = 10 * 1024 * 1024;
$overall = $settings['overall_throttling'];
- if (!isset($overall) || ($overall == 0))
+ if (!isset($overall) || ($overall == 0)) {
$overall = -1;
- else
+ } else {
$overall *= 1024;
+ }
$perhost = $settings['perhost_throttling'];
- if (!isset($perhost) || ($perhost == 0))
+ if (!isset($perhost) || ($perhost == 0)) {
$perhost = -1;
- else
+ } else {
$perhost *= 1024;
+ }
$conf .= <<< EOD
delay_pools 1
delay_class 1 2
@@ -1607,21 +1606,22 @@ EOD;
$binaries = 'bin,cab,sea,ar,arj,tar,tgz,gz,tbz,bz2,zip,7z,exe,com';
$cdimages = 'iso,bin,mds,nrg,gho,bwt,b5t,pqi';
$multimedia = 'aiff?,asf,avi,divx,mov,mp3,mp4,wmv,mpe?g,qt,ra?m';
- foreach (array( 'throttle_binaries' => $binaries,
- 'throttle_cdimages' => $cdimages,
- 'throttle_multimedia' => $multimedia) as $field => $set) {
- if ($settings[$field] == 'on')
+ foreach (array('throttle_binaries' => $binaries, 'throttle_cdimages' => $cdimages, 'throttle_multimedia' => $multimedia) as $field => $set) {
+ if ($settings[$field] == 'on') {
$exts = array_merge($exts, explode(",", $set));
+ }
}
foreach (explode(",", $settings['throttle_others']) as $ext) {
- if (!empty($ext))
+ if (!empty($ext)) {
$exts[] = $ext;
+ }
}
$contents = '';
- foreach ($exts as $ext)
+ foreach ($exts as $ext) {
$contents .= "\.$ext\$\n";
+ }
file_put_contents(SQUID_ACLDIR . '/throttle_exts.acl', $contents);
$conf .= "# Throttle extensions matched in the url\n";
@@ -1650,24 +1650,27 @@ include('/usr/local/pkg/squid_reverse.inc');
function squid_resync_auth() {
global $config, $valid_acls;
- $write_config=0;
+ $write_config = 0;
if (!is_array($config['installedpackages']['squidauth']['config'])) {
- $config['installedpackages']['squidauth']['config'][]=array('auth_method'=> "none");
+ $config['installedpackages']['squidauth']['config'][] = array('auth_method'=> "none");
$write_config++;
}
$settings = $config['installedpackages']['squidauth']['config'][0];
- if (is_array($config['installedpackages']['squidnac']['config']))
+ if (is_array($config['installedpackages']['squidnac']['config'])) {
$settingsnac = $config['installedpackages']['squidnac']['config'][0];
- else
+ } else {
$settingsnac = array();
+ }
- if (is_array($config['installedpackages']['squid']['config']))
+ if (is_array($config['installedpackages']['squid']['config'])) {
$settingsconfig = $config['installedpackages']['squid']['config'][0];
- else
+ } else {
$settingsconfig = array();
+ }
- if ($write_config > 0)
+ if ($write_config > 0) {
write_config();
+ }
$conf = '';
@@ -1679,17 +1682,17 @@ function squid_resync_auth() {
// Package integration
if (!empty($settingsconfig['custom_options'])) {
- $co_preg[0]='/;/';
- $co_rep[0]="\n";
- $co_preg[1]="/redirect_program/";
- $co_rep[1]="url_rewrite_program";
- $co_preg[2]="/redirector_bypass/";
- $co_rep[2]="url_rewrite_bypass";
- $conf.="# Package Integration\n".preg_replace($co_preg,$co_rep,$settingsconfig['custom_options'])."\n\n";
+ $co_preg[0] = '/;/';
+ $co_rep[0] = "\n";
+ $co_preg[1] = "/redirect_program/";
+ $co_rep[1] = "url_rewrite_program";
+ $co_preg[2] = "/redirector_bypass/";
+ $co_rep[2] = "url_rewrite_bypass";
+ $conf .= "# Package Integration\n" . preg_replace($co_preg, $co_rep, $settingsconfig['custom_options']) . "\n\n";
}
// Custom User Options before authentication acls
- $conf .= "# Custom options before auth\n".sq_text_area_decode($settingsconfig['custom_options_squid3'])."\n\n";
+ $conf .= "# Custom options before auth\n" . sq_text_area_decode($settingsconfig['custom_options_squid3']) . "\n\n";
// Deny the banned guys before allowing the good guys
if (!empty($settingsnac['banned_hosts'])) {
@@ -1707,7 +1710,7 @@ function squid_resync_auth() {
// Unrestricted hosts take precedence over blacklist
if (!empty($settingsnac['unrestricted_hosts'])) {
- if (squid_is_valid_acl('unrestricted_hosts') && $settings['unrestricted_auth']!= "on") {
+ if (squid_is_valid_acl('unrestricted_hosts') && $settings['unrestricted_auth'] != "on") {
$conf .= "# These hosts do not have any restrictions\n";
$conf .= "http_access allow unrestricted_hosts\n";
}
@@ -1746,39 +1749,43 @@ function squid_resync_auth() {
}
// Include squidguard denied acl log in squid
- if ($settingsconfig['log_sqd'])
+ if ($settingsconfig['log_sqd']) {
$conf .= "acl sglog url_regex -i sgr=ACCESSDENIED\n";
+ }
$transparent_proxy = ($settingsconfig['transparent_proxy'] == 'on');
if ($transparent_proxy) {
- if (preg_match ("/(none|cp)/",$settings['auth_method']))
- $auth_method=$settings['auth_method'];
- else
- $auth_method="none";
+ if (preg_match ("/(none|cp)/", $settings['auth_method'])) {
+ $auth_method = $settings['auth_method'];
+ } else {
+ $auth_method = "none";
+ }
} else {
- $auth_method=$settings['auth_method'];
+ $auth_method = $settings['auth_method'];
}
// Allow the remaining ACLs if no authentication is set
if ($auth_method == 'none' || $auth_method == 'cp') {
// Include squidguard denied acl log in squid
- if ($settingsconfig['log_sqd'])
- $conf .="http_access deny sglog\n";
+ if ($settingsconfig['log_sqd']) {
+ $conf .= "http_access deny sglog\n";
+ }
}
- if ($auth_method == 'none' ) {
+ if ($auth_method == 'none') {
// SSL interception acl options part 2 without authentication
if ($settingsconfig['ssl_proxy'] == "on") {
$conf .= "always_direct allow all\n";
$conf .= "ssl_bump server-first all\n";
}
- $conf .="# Setup allowed acls\n";
+ $conf .= "# Setup allowed acls\n";
$allowed = array('allowed_subnets');
if ($settingsconfig['allow_interface'] == 'on') {
$conf .= "# Allow local network(s) on interface(s)\n";
$allowed[] = "localnet";
}
$allowed = array_filter($allowed, 'squid_is_valid_acl');
- foreach ($allowed as $acl)
+ foreach ($allowed as $acl) {
$conf .= "http_access allow $acl\n";
+ }
} else {
$noauth = implode(' ', explode("\n", base64_decode($settings['no_auth_hosts'])));
if (!empty($noauth)) {
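Review bot: `preg_match ("/(none|cp)/", $settings['auth_method'])` is unanchored, so any method name that merely contains `none` or `cp` would be kept as the transparent-mode auth method instead of being forced to `none`. Because this branch decides which authentication setting survives in transparent mode, an exact comparison is safer and also removes the stray space before the parenthesis: `if (in_array($settings['auth_method'], array('none', 'cp'), true)) {`. The function starts and ends outside this hunk.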
@@ -1791,26 +1798,26 @@ function squid_resync_auth() {
$processes = ($settings['auth_processes'] ? $settings['auth_processes'] : 5);
$prompt = ($settings['auth_prompt'] ? $settings['auth_prompt'] : 'Please enter your credentials to access the proxy');
switch ($auth_method) {
- case 'local':
- $conf .= 'auth_param basic program '.SQUID_LOCALBASE.'/libexec/squid/basic_ncsa_auth ' . SQUID_PASSWD . "\n";
- break;
- case 'ldap':
- $port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : '');
- $password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
- $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/basic_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
- break;
- case 'radius':
- $port = (isset($settings['auth_server_port']) ? "-p {$settings['auth_server_port']}" : '');
- $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
- break;
- case 'cp':
- $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC ". SQUID_BASE . "/bin/check_ip.php\n";
- $conf .= "acl password external check_cp\n";
- break;
- case 'msnt':
- $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n";
- squid_resync_msnt();
- break;
+ case 'local':
+ $conf .= 'auth_param basic program ' . SQUID_LOCALBASE . '/libexec/squid/basic_ncsa_auth ' . SQUID_PASSWD . "\n";
+ break;
+ case 'ldap':
+ $port = (isset($settings['auth_server_port']) ? ":{$settings['auth_server_port']}" : '');
+ $password = (isset($settings['ldap_pass']) ? "-w {$settings['ldap_pass']}" : '');
+ $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/basic_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
+ break;
+ case 'radius':
+ $port = (isset($settings['auth_server_port']) ? "-p {$settings['auth_server_port']}" : '');
+ $conf .= "auth_param basic program ". SQUID_LOCALBASE . "/libexec/squid/basic_radius_auth -w {$settings['radius_secret']} -h {$settings['auth_server']} $port\n";
+ break;
+ case 'cp':
+ $conf .= "external_acl_type check_cp children-startup={$processes} ttl={$auth_ttl} %SRC " . SQUID_BASE . "/bin/check_ip.php\n";
+ $conf .= "acl password external check_cp\n";
+ break;
+ case 'msnt':
+ $conf .= "auth_param basic program " . SQUID_LOCALBASE . "/libexec/squid/basic_msnt_auth\n";
+ squid_resync_msnt();
+ break;
}
if ($auth_method != 'cp') {
$conf .= <<< EOD
@@ -1822,7 +1829,7 @@ acl password proxy_auth REQUIRED
EOD;
}
// Custom User Options after authentication definition
- $conf .= "# Custom options after auth\n".sq_text_area_decode($settingsconfig['custom_options2_squid3'])."\n\n";
+ $conf .= "# Custom options after auth\n" . sq_text_area_decode($settingsconfig['custom_options2_squid3']) . "\n\n";
// SSL interception acl options part 2
if ($settingsconfig['ssl_proxy'] == "on") {
@@ -1842,16 +1849,19 @@ EOD;
$passwordless = array_filter($passwordless, 'squid_is_valid_acl');
// Allow the ACLs that don't need to authenticate
- foreach ($passwordless as $acl)
+ foreach ($passwordless as $acl) {
$conf .= "http_access allow $acl\n";
+ }
// Include squidguard denied acl log in squid
- if ($settingsconfig['log_sqd'])
- $conf .="http_access deny password sglog\n";
+ if ($settingsconfig['log_sqd']) {
+ $conf .= "http_access deny password sglog\n";
+ }
// Allow the other ACLs as long as they authenticate
- foreach ($password as $acl)
+ foreach ($password as $acl) {
$conf .= "http_access allow password $acl\n";
+ }
}
$conf .= "# Default block all to be sure\n";
@@ -1866,8 +1876,9 @@ function squid_resync_users() {
$users = $config['installedpackages']['squidusers']['config'];
$contents = '';
if (is_array($users)) {
- foreach ($users as $user)
+ foreach ($users as $user) {
$contents .= $user['username'] . ':' . crypt($user['password'], base64_encode($user['password'])) . "\n";
+ }
}
file_put_contents(SQUID_PASSWD, $contents);
chown(SQUID_PASSWD, SQUID_UID);
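Review bot: The salt passed to `crypt()` on the line that gained braces is `base64_encode($user['password'])`, i.e. derived from the password itself, so equal passwords always hash identically. If it is taken as a traditional two-character salt, which a bare base64 string presumably is, the salt stored at the start of each hash also exposes bits of the password's first characters. A random per-user salt avoids both: `$salt = '$1$' . substr(strtr(base64_encode(openssl_random_pseudo_bytes(6)), '+', '.'), 0, 8) . '$';` then `crypt($user['password'], $salt)`, assuming the NCSA helper shipped with this Squid accepts MD5-crypt hashes (to be confirmed). Separately, `file_put_contents(SQUID_PASSWD, $contents)` creates the file before the ownership change that follows, so setting a restrictive `umask()` beforehand would close that window. squid_resync_users() starts and ends outside this hunk.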
@@ -1877,40 +1888,41 @@ function squid_resync_users() {
function squid_resync_msnt() {
global $config;
- if (is_array($config['installedpackages']['squidauth']))
+ if (is_array($config['installedpackages']['squidauth'])) {
$settings = $config['installedpackages']['squidauth']['config'][0];
- else
+ } else {
$settings = array();
+ }
$pdcserver = $settings['auth_server'];
- $bdcserver = str_replace(',',' ',$settings['msnt_secondary']);
+ $bdcserver = str_replace(',', ' ', $settings['msnt_secondary']);
$ntdomain = $settings['auth_ntdomain'];
- file_put_contents(SQUID_CONFBASE."/msntauth.conf","server {$pdcserver} {$bdcserver} {$ntdomain}");
- chown(SQUID_CONFBASE."/msntauth.conf", SQUID_UID);
- chmod(SQUID_CONFBASE."/msntauth.conf", 0600);
+ file_put_contents(SQUID_CONFBASE . "/msntauth.conf", "server {$pdcserver} {$bdcserver} {$ntdomain}");
+ chown(SQUID_CONFBASE . "/msntauth.conf", SQUID_UID);
+ chmod(SQUID_CONFBASE . "/msntauth.conf", 0600);
}
-function squid_resync($via_rpc="no") {
+function squid_resync($via_rpc = "no") {
global $config;
// detect boot process
if (is_array($_POST)) {
- if (preg_match("/\w+/",$_POST['__csrf_magic']))
+ if (!platform_booting()) {
unset($boot_process);
- else
- $boot_process="on";
+ } else {
+ $boot_process = "on";
+ }
}
- log_error("[Squid] - Squid_resync function call pr:".is_process_running('squid')." bp:".isset($boot_process)." rpc:".$via_rpc);
+ log_error("[Squid] - Squid_resync function call pr:" . is_process_running('squid') . " bp:" . isset($boot_process) . " rpc:" . $via_rpc);
- if (is_process_running('squid') && isset($boot_process) && $via_rpc=="no")
+ if (is_process_running('squid') && isset($boot_process) && $via_rpc == "no") {
return;
+ }
conf_mount_rw();
- foreach (array( SQUID_CONFBASE,
- SQUID_ACLDIR,
- SQUID_SSL_DB ) as $dir) {
- @mkdir($dir, 0755, true);
+ foreach (array(SQUID_CONFBASE, SQUID_ACLDIR, SQUID_SSL_DB) as $dir) {
+ safe_mkdir($dir, 0755);
squid_chown_recursive($dir, SQUID_UID, SQUID_GID);
}
$conf = squid_resync_general() . "\n";
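Review bot: The boot check in squid_resync() no longer reads `$_POST`, yet it is still wrapped in `if (is_array($_POST))`, and its `unset($boot_process)` branch acts on a variable that is not assigned anywhere in the visible part of the function. As far as I can tell the block reduces to `if (platform_booting()) { $boot_process = "on"; }`. A one-line comment that later code tests `isset($boot_process)` rather than its value would explain why it is not a plain boolean. The body of squid_resync() continues outside this hunk.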
@@ -1920,58 +1932,87 @@ function squid_resync($via_rpc="no") {
$conf .= squid_resync_nac() . "\n";
$conf .= squid_resync_traffic() . "\n";
$conf .= squid_resync_reverse() . "\n";
- $conf .= squid_resync_auth()."\n";
+ $conf .= squid_resync_auth() . "\n";
$conf .= squid_resync_antivirus();
squid_resync_users();
squid_write_rcfile();
- if (!isset($boot_process) || $via_rpc="yes")
+ if (!isset($boot_process) || $via_rpc == "yes") {
squid_sync_on_changes();
+ }
// write config file
file_put_contents(SQUID_CONFFILE, $conf);
- /* make sure pinger is executable */
- // XXX: Is it really necessary? Who could change its permission?
- if (file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger"))
- exec("chmod a+x " . SQUID_LOCALBASE . "/libexec/squid/pinger");
+ /* make sure pinger is executable and suid root */
+ // XXX: Bug #5114
+ if (file_exists(SQUID_LOCALBASE . "/libexec/squid/pinger")) {
+ chgrp(SQUID_LOCALBASE . "/libexec/squid/pinger", SQUID_GID);
+ }
- $log_dir="";
- // check if squid is enabled
+ $log_dir = "";
+ $squid_enabled = false;
if (is_array($config['installedpackages']['squid']['config'])) {
- if ($config['installedpackages']['squid']['config'][0]['active_interface']!= "")
- $log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'].'/';
- }
- // check if squidreverse is enabled
- else if (is_array($config['installedpackages']['squidreversegeneral']['config'])) {
- if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "")
- $log_dir="/var/squid/logs/";
+ // check if Squid is enabled
+ if ($config['installedpackages']['squid']['config'][0]['active_interface'] != "") {
+ $squid_enabled = true;
+ }
+ } elseif (is_array($config['installedpackages']['squidreversegeneral']['config'])) {
+ // check if squidreverse is enabled
+ if ($config['installedpackages']['squidreversegeneral']['config'][0]['reverse_interface'] != "") {
+ $squid_enabled = true;
+ }
}
- // do not start squid if there is no log dir
- if ($log_dir != "") {
- if (!is_dir($log_dir)) {
- log_error("Creating squid log dir $log_dir");
- @mkdir($log_dir, 0755, true);
- squid_chown_recursive($log_dir, SQUID_UID, SQUID_GID);
+ // create log dir if required
+ if (is_array($config['installedpackages']['squid']['config'])) {
+ if ($config['installedpackages']['squid']['config'][0]['log_dir'] != "") {
+ $log_dir = $config['installedpackages']['squid']['config'][0]['log_dir'] . '/';
}
+ } else {
+ $log_dir = "/var/squid/logs/";
+ }
+ if (!is_dir($log_dir)) {
+ log_error("Creating Squid log dir $log_dir");
+ safe_mkdir($log_dir, 0755);
+ squid_chown_recursive($log_dir, SQUID_UID, SQUID_GID);
+ }
- squid_dash_z();
+ // check cache dir and create if necessary
+ squid_dash_z();
+ // reconfigure and (re)start service as needed if enabled, otherwise stop them
+ // do not (re)start squid services on boot
+ if ((!isset($boot_process)) && ($squid_enabled)) {
+ /* kill any running proxy alarm scripts */
+ log_error("Stopping any running proxy monitors");
+ mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
+ sleep(1);
if (!is_service_running('squid')) {
log_error("Starting Squid");
mwexec(SQUID_BASE . "/sbin/squid -f " . SQUID_CONFFILE);
- } else if (!isset($boot_process)) {
+ } else {
log_error("Reloading Squid for configuration sync");
mwexec(SQUID_BASE . "/sbin/squid -k reconfigure -f " . SQUID_CONFFILE);
}
-
- // Sleep for a couple seconds to give squid a chance to fire up fully.
- for ($i=0; $i < 10; $i++) {
- if (!is_service_running('squid'))
+ // sleep for a couple seconds to give squid a chance to fire up fully.
+ for ($i = 0; $i < 10; $i++) {
+ if (!is_service_running('squid')) {
sleep(1);
+ }
}
- filter_configure();
+ /* restart proxy alarm scripts */
+ log_error("Starting a proxy monitor script");
+ mwexec_bg("/usr/local/etc/rc.d/sqp_monitor.sh start");
+ } elseif (!$squid_enabled) {
+ /* Squid is disabled - kill any running proxy alarm scripts and stop Squid services */
+ log_error("Stopping any running proxy monitors");
+ mwexec("/usr/local/etc/rc.d/sqp_monitor.sh stop");
+ sleep(1);
+ log_error("Stopping Squid");
+ stop_service("squid");
}
+
+ filter_configure();
conf_mount_ro();
}
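Review bot: The old `if ($log_dir != "")` guard is gone, so when the squid config array exists but its `log_dir` is empty, `$log_dir` stays `""` and the code calls `safe_mkdir("", 0755)` and `squid_chown_recursive("", SQUID_UID, SQUID_GID)`. Defaulting first avoids that: initialise with `$log_dir = "/var/squid/logs/";` and override it only when the configured value is non-empty. Also, the new comment says pinger is made "executable and suid root", but the only call left is `chgrp()`. Either the comment should describe what the code does, or the intended mode should be set explicitly, since this is a privileged helper. squid_resync() starts outside this hunk.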
@@ -1982,7 +2023,7 @@ function squid_print_javascript_auth() {
// No authentication for transparent proxy
if ($transparent_proxy and preg_match("/(local|ldap|radius|msnt|ntlm)/",$config['installedpackages']['squidauth']['config'][0]['auth_method'])) {
$javascript = <<< EOD
-<script language="JavaScript">
+<script type="text/javascript">
<!--
function on_auth_method_changed() {
document.iform.auth_method.disabled = 1;
@@ -2009,7 +2050,7 @@ function on_auth_method_changed() {
EOD;
} else {
$javascript = <<< EOD
-<script language="JavaScript">
+<script type="text/javascript">
<!--
function on_auth_method_changed() {
var field = document.iform.auth_method;
@@ -2123,68 +2164,53 @@ EOD;
}
function squid_print_javascript_auth2() {
- print("<script language=\"JavaScript\">on_auth_method_changed()</script>\n");
+ print("<script type=\"text/javascript\">on_auth_method_changed()</script>\n");
}
function squid_generate_rules($type) {
- global $config;
+ global $config, $pfs_version;
$squid_conf = $config['installedpackages']['squid']['config'][0];
//check captive portal option
- $cp_file='/etc/inc/captiveportal.inc';
- $pfsense_version=preg_replace("/\s/","",file_get_contents("/etc/version"));
+ $cp_file = '/etc/inc/captiveportal.inc';
$port = ($settings['proxy_port'] ? $settings['proxy_port'] : 3128);
$cp_inc = file($cp_file);
- $new_cp_inc="";
+ $new_cp_inc = "";
$found_rule=0;
foreach ($cp_inc as $line) {
- $new_line=$line;
+ $new_line = $line;
//remove applied squid patch
- if (preg_match('/skipto 65314 ip/',$line)) {
+ if (preg_match('/skipto 65314 ip/', $line)) {
$found_rule++;
- $new_line ="";
+ $new_line = "";
}
- if (substr($pfsense_version,0,3) > 2.0) {
- if (preg_match('/255.255.255.255/',$line) && $squid_conf['patch_cp']) {
- $found_rule++;
- $new_line .= "\t".'$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n";
- $new_line .= "\t".'$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n";
- }
- } else {
- //add squid patch option based on current config
- if (preg_match('/set 1 pass ip from any to/',$line) && $squid_conf['patch_cp']) {
- $found_rule++;
- $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from any to {$ips} '.$port.' in\n";'."\n";
- $new_line .= $line;
- }
- if (preg_match('/set 1 pass ip from {/',$line) && $squid_conf['patch_cp']) {
- $found_rule++;
- $new_line = "\t".'$cprules .= "add {$rulenum} set 1 skipto 65314 ip from {$ips} '.$port.' to any out\n";'."\n";
- $new_line .= $line;
- }
+ if (preg_match('/255.255.255.255/', $line) && $squid_conf['patch_cp']) {
+ $found_rule++;
+ $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from any to {$ips} ' . $port . ' in\n";' . "\n";
+ $new_line .= "\t" . '$cprules .= "add {$rulenum} skipto 65314 ip from {$ips} ' . $port . ' to any out\n";' . "\n";
}
$new_cp_inc .= $new_line;
}
- if (!file_exists('/root/'.$pfsense_version.'.captiveportal.inc.backup')) {
- copy ($cp_file,'/root/'.$pfsense_version.'.captiveportal.inc.backup');
+ if (!file_exists('/root/' . $pfs_version . '.captiveportal.inc.backup')) {
+ copy($cp_file, '/root/' . $pfs_version . '.captiveportal.inc.backup');
}
if ($found_rule > 0) {
- file_put_contents($cp_file,$new_cp_inc, LOCK_EX);
+ file_put_contents($cp_file, $new_cp_inc, LOCK_EX);
}
- //normal squid rule check
+ // normal squid rule check
if (($squid_conf['transparent_proxy'] != 'on') || ($squid_conf['allow_interface'] != 'on')) {
return;
}
if (!is_service_running('squid')) {
- log_error("SQUID is installed but not started. Not installing \"{$type}\" rules.");
+ log_error("Squid is installed but not started. Not installing \"{$type}\" rules.");
return;
}
// Read assigned interfaces
$proxy_ifaces = explode(",", $squid_conf['active_interface']);
$proxy_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $proxy_ifaces);
- if ($squid_conf['transparent_proxy']=="on") {
+ if ($squid_conf['transparent_proxy'] == "on") {
$transparent_ifaces = explode(",", $squid_conf['transparent_active_interface']);
$transparent_ifaces = array_map('convert_friendly_interface_to_real_interface_name', $transparent_ifaces);
} else {
@@ -2201,118 +2227,123 @@ function squid_generate_rules($type) {
$ssl_port = ($squid_conf['ssl_proxy_port'] ? $squid_conf['ssl_proxy_port'] : 3127);
$fw_aliases = filter_generate_aliases();
- if (strstr($fw_aliases, "pptp ="))
+ if (strstr($fw_aliases, "pptp =")) {
$PPTP_ALIAS = "\$pptp";
- else
+ } else {
$PPTP_ALIAS = "\$PPTP";
- if (strstr($fw_aliases, "PPPoE ="))
+ }
+ if (strstr($fw_aliases, "PPPoE =")) {
$PPPOE_ALIAS = "\$PPPoE";
- else
+ } else {
$PPPOE_ALIAS = "\$pppoe";
+ }
// define ports based on transparent options and ssl filtering
- $pf_rule_port=($squid_conf['ssl_proxy'] == "on" ? "{80,443}" : "80");
+ $pf_rule_port = ($squid_conf['ssl_proxy'] == "on" ? "{80,443}" : "80");
switch($type) {
- case 'nat':
- $rules .= "\n# Setup Squid proxy redirect\n";
- if ($squid_conf['private_subnet_proxy_off'] == 'on') {
- foreach ($transparent_ifaces as $iface) {
- $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443}" : "80");
- $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_transparent_rule_port}\n";
- }
- /* Handle PPPOE case */
- if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
- $rules .= "no rdr on $PPPOE_ALIAS proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_rule_port}\n";
+ case 'nat':
+ $rules .= "\n# Setup Squid proxy redirect\n";
+ if ($squid_conf['private_subnet_proxy_off'] == 'on') {
+ foreach ($transparent_ifaces as $iface) {
+ $pf_transparent_rule_port = (in_array($iface, $ssl_ifaces) ? "{80,443}" : "80");
+ $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_transparent_rule_port}\n";
+ }
+ /* Handle PPPOE case */
+ if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
+ $rules .= "no rdr on $PPPOE_ALIAS proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_rule_port}\n";
+ }
+ /* Handle PPTP case */
+ if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "no rdr on $PPTP_ALIAS proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_rule_port}\n";
+ }
}
- /* Handle PPTP case */
- if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
- $rules .= "no rdr on $PPTP_ALIAS proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port {$pf_rule_port}\n";
+ if (!empty($squid_conf['defined_ip_proxy_off'])) {
+ $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
+ $exempt_ip = "";
+ foreach ($defined_ip_proxy_off as $ip_proxy_off) {
+ if (!empty($ip_proxy_off)) {
+ $ip_proxy_off = trim($ip_proxy_off);
+ if (is_alias($ip_proxy_off)) {
+ $ip_proxy_off = '$' . $ip_proxy_off;
+ }
+ $exempt_ip .= ", $ip_proxy_off";
+ }
+ }
+ $exempt_ip = substr($exempt_ip, 2);
+ foreach ($transparent_ifaces as $iface) {
+ $pf_transparent_rule_port = (in_array($iface, $ssl_ifaces) ? "{80,443}" : "80");
+ $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port {$pf_transparent_rule_port}\n";
+ }
+ /* Handle PPPOE case */
+ if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
+ $rules .= "no rdr on $PPPOE_ALIAS proto tcp from { $exempt_ip } to any port {$pf_rule_port}\n";
+ }
+ /* Handle PPTP case */
+ if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "no rdr on $PPTP_ALIAS proto tcp from { $exempt_ip } to any port {$pf_rule_port}\n";
+ }
}
- }
- if (!empty($squid_conf['defined_ip_proxy_off'])) {
- $defined_ip_proxy_off = explode(";", $squid_conf['defined_ip_proxy_off']);
- $exempt_ip = "";
- foreach ($defined_ip_proxy_off as $ip_proxy_off) {
- if (!empty($ip_proxy_off)) {
- $ip_proxy_off = trim($ip_proxy_off);
- if (is_alias($ip_proxy_off))
- $ip_proxy_off = '$'.$ip_proxy_off;
- $exempt_ip .= ", $ip_proxy_off";
+ if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
+ $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
+ $exempt_dest = "";
+ foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
+ if (!empty($ip_proxy_off_dest)) {
+ $ip_proxy_off_dest = trim($ip_proxy_off_dest);
+ if (is_alias($ip_proxy_off_dest)) {
+ $ip_proxy_off_dest = '$' . $ip_proxy_off_dest;
+ }
+ $exempt_dest .= ", $ip_proxy_off_dest";
+ }
+ }
+ $exempt_dest = substr($exempt_dest, 2);
+ foreach ($transparent_ifaces as $iface) {
+ $pf_transparent_rule_port = (in_array($iface, $ssl_ifaces) ? "{80,443}" : "80");
+ $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port {$pf_transparent_rule_port}\n";
+ }
+ /* Handle PPPOE case */
+ if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
+ $rules .= "no rdr on $PPPOE_ALIAS proto tcp from any to { $exempt_dest } port {$pf_rule_port}\n";
+ }
+ /* Handle PPTP case */
+ if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
+ $rules .= "no rdr on $PPTP_ALIAS proto tcp from any to { $exempt_dest } port {$pf_rule_port}\n";
}
}
- $exempt_ip = substr($exempt_ip,2);
- foreach ($transparent_ifaces as $iface) {
- $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443}" : "80");
- $rules .= "no rdr on $iface proto tcp from { $exempt_ip } to any port {$pf_transparent_rule_port}\n";
+ foreach ($transparent_ifaces as $t_iface) {
+ $pf_transparent_rule_port = (in_array($t_iface, $ssl_ifaces) ? "{80,443}" : "80");
+ $rules .= "rdr on $t_iface proto tcp from any to !($t_iface) port 80 -> 127.0.0.1 port {$port}\n";
+ if (in_array($t_iface, $ssl_ifaces)) {
+ $rules .= "rdr on $t_iface proto tcp from any to !($t_iface) port 443 -> 127.0.0.1 port {$ssl_port}\n";
+ }
}
/* Handle PPPOE case */
if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
- $rules .= "no rdr on $PPPOE_ALIAS proto tcp from { $exempt_ip } to any port {$pf_rule_port}\n";
+ $rules .= "rdr on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port {$pf_rule_port} -> 127.0.0.1 port {$port}\n";
}
/* Handle PPTP case */
if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
- $rules .= "no rdr on $PPTP_ALIAS proto tcp from { $exempt_ip } to any port {$pf_rule_port}\n";
+ $rules .= "rdr on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port {$pf_rule_port} -> 127.0.0.1 port {$port}\n";
}
- }
- if (!empty($squid_conf['defined_ip_proxy_off_dest'])) {
- $defined_ip_proxy_off_dest = explode(";", $squid_conf['defined_ip_proxy_off_dest']);
- $exempt_dest = "";
- foreach ($defined_ip_proxy_off_dest as $ip_proxy_off_dest) {
- if (!empty($ip_proxy_off_dest)) {
- $ip_proxy_off_dest = trim($ip_proxy_off_dest);
- if (is_alias($ip_proxy_off_dest))
- $ip_proxy_off_dest = '$'.$ip_proxy_off_dest;
- $exempt_dest .= ", $ip_proxy_off_dest";
- }
- }
- $exempt_dest = substr($exempt_dest,2);
+ $rules .= "\n";
+ break;
+ case 'filter':
+ case 'rule':
foreach ($transparent_ifaces as $iface) {
- $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443}" : "80");
- $rules .= "no rdr on $iface proto tcp from any to { $exempt_dest } port {$pf_transparent_rule_port}\n";
+ $pf_transparent_rule_port = (in_array($iface, $ssl_ifaces) ? "{80,443,{$port},{$ssl_port}}" : "{80,{$port}}");
+ $rules .= "# Setup squid pass rules for proxy\n";
+ $rules .= "pass in quick on $iface proto tcp from any to !($iface) port {$pf_transparent_rule_port} flags S/SA keep state\n";
+ // $rules .= "pass in quick on $iface proto tcp from any to !($iface) port {$port} flags S/SA keep state\n";
+ $rules .= "\n";
}
- /* Handle PPPOE case */
- if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
- $rules .= "no rdr on $PPPOE_ALIAS proto tcp from any to { $exempt_dest } port {$pf_rule_port}\n";
+ if ($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) {
+ $rules .= "pass in quick on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port {$port} flags S/SA keep state\n";
}
- /* Handle PPTP case */
if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
- $rules .= "no rdr on $PPTP_ALIAS proto tcp from any to { $exempt_dest } port {$pf_rule_port}\n";
+ $rules .= "pass in quick on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port {$port} flags S/SA keep state\n";
}
- }
- foreach ($transparent_ifaces as $t_iface) {
- $pf_transparent_rule_port=(in_array($t_iface,$ssl_ifaces) ? "{80,443}" : "80");
- $rules .= "rdr on $t_iface proto tcp from any to !($t_iface) port 80 -> 127.0.0.1 port {$port}\n";
- if (in_array($t_iface,$ssl_ifaces))
- $rules .= "rdr on $t_iface proto tcp from any to !($t_iface) port 443 -> 127.0.0.1 port {$ssl_port}\n";
- }
- /* Handle PPPOE case */
- if (($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) || (function_exists("is_pppoe_server_enabled") && is_pppoe_server_enabled())) {
- $rules .= "rdr on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port {$pf_rule_port} -> 127.0.0.1 port {$port}\n";
- }
- /* Handle PPTP case */
- if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
- $rules .= "rdr on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port {$pf_rule_port} -> 127.0.0.1 port {$port}\n";
- }
- $rules .= "\n";
- break;
- case 'filter':
- case 'rule':
- foreach ($transparent_ifaces as $iface) {
- $pf_transparent_rule_port=(in_array($iface,$ssl_ifaces) ? "{80,443,{$port},{$ssl_port}}" : "{80,{$port}}");
- $rules .= "# Setup squid pass rules for proxy\n";
- $rules .= "pass in quick on $iface proto tcp from any to !($iface) port {$pf_transparent_rule_port} flags S/SA keep state\n";
- // $rules .= "pass in quick on $iface proto tcp from any to !($iface) port {$port} flags S/SA keep state\n";
- $rules .= "\n";
- };
- if ($config['pppoe']['mode'] == "server" && $config['pppoe']['localip']) {
- $rules .= "pass in quick on $PPPOE_ALIAS proto tcp from any to !127.0.0.1 port {$port} flags S/SA keep state\n";
- }
- if ($config['pptpd']['mode'] == "server" && $config['pptpd']['localip']) {
- $rules .= "pass in quick on $PPTP_ALIAS proto tcp from any to !127.0.0.1 port {$port} flags S/SA keep state\n";
- }
- break;
- default:
- break;
+ break;
+ default:
+ break;
}
return $rules;
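Review bot: In the `nat` case the entries of `defined_ip_proxy_off` and `defined_ip_proxy_off_dest` are written into the `no rdr` rule text after only `trim()` and an `is_alias()` check, so a malformed entry ends up in the generated pf ruleset. The `!empty()` test also runs before `trim()`, so a whitespace-only entry appends an empty item, and a list of only such entries yields `from {  }`, which pf will presumably refuse to load. I would trim first and skip anything that is neither an alias nor a valid address, e.g. `} elseif (!is_ipaddr($ip_proxy_off) && !is_subnet($ip_proxy_off) && !is_hostname($ip_proxy_off)) { continue; }`, and emit the rules only when `$exempt_ip` / `$exempt_dest` is non-empty. Validation may already happen where the form is saved, which is outside this hunk, as is the start of `squid_generate_rules()`.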
@@ -2320,35 +2351,35 @@ function squid_generate_rules($type) {
function squid_write_rcfile() {
/* Declare a variable for the SQUID_CONFFILE constant. */
- /* Then the variable can be referenced easily in the Heredoc text that generates the rc file. */
+ /* Then the variable can be referenced easily in the heredoc text that generates the rc file. */
$squid_conffile_var = SQUID_CONFFILE;
$squid_base = SQUID_BASE;
$rc = array();
$rc['file'] = 'squid.sh';
- $rc['start'] = <<<EOD
-#sysctl net.inet.ip.portrange.reservedhigh=0
-if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then
+ $rc['start'] = <<< EOD
+#/sbin/sysctl net.inet.ip.portrange.reservedhigh=0
+if [ -z "`/bin/ps auxw | /usr/bin/grep "[s]quid " | /usr/bin/awk '{print $2}'`" ]; then
{$squid_base}/sbin/squid -f {$squid_conffile_var}
fi
EOD;
- $rc['stop'] = <<<EOD
+ $rc['stop'] = <<< EOD
{$squid_base}/sbin/squid -k shutdown -f {$squid_conffile_var}
# Just to be sure...
sleep 5
-if [ -f /usr/bin/ipcs ];then
+if [ -x /usr/bin/ipcs ]; then
# http://man.chinaunix.net/newsoft/squid/Squid_FAQ/FAQ-22.html#ss22.8
-ipcs | grep '^[mq]' | awk '{printf "ipcrm -%s %s\\n", $1, $2}' | /bin/sh
+/usr/bin/ipcs | /usr/bin/grep '^[mq]' | /usr/bin/awk '{printf "ipcrm -%s %s\\n", $1, $2}' | /bin/sh
fi
-killall -9 squid 2>/dev/null
-killall pinger 2>/dev/null
+/usr/bin/killall -9 squid 2>/dev/null
+/usr/bin/killall pinger 2>/dev/null
EOD;
- $rc['restart'] = <<<EOD
-if [ -z "`ps auxw | grep "[s]quid "|awk '{print $2}'`" ];then
+ $rc['restart'] = <<< EOD
+if [ -z "`ps auxw | /usr/bin/grep "[s]quid " | /usr/bin/awk '{print $2}'`" ]; then
{$squid_base}/sbin/squid -f {$squid_conffile_var}
else
{$squid_base}/sbin/squid -k reconfigure -f {$squid_conffile_var}
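Review bot: The switch to absolute paths is incomplete: the `restart` script still calls bare `ps auxw` while `start` uses `/bin/ps`, and the `awk` program in `stop` still prints `ipcrm` without a path before its output is piped to `/bin/sh`. For consistency I would use `/bin/ps auxw` in `restart` and `printf "/usr/bin/ipcrm -%s %s\\n"` in `stop`. Separately, the `ipcs` pipeline removes every shared memory segment and message queue it lists, not only Squid's, so filtering on the owner column would be safer if other services on the host use SysV IPC. `squid_write_rcfile()` continues past the end of this hunk.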
@@ -2364,46 +2395,48 @@ EOD;
function squid_sync_on_changes() {
global $config, $g;
if (is_array($config['installedpackages']['squidsync']['config'])) {
- $squid_sync=$config['installedpackages']['squidsync']['config'][0];
+ $squid_sync = $config['installedpackages']['squidsync']['config'][0];
$synconchanges = $squid_sync['synconchanges'];
$synctimeout = $squid_sync['synctimeout'];
switch ($synconchanges) {
- case "manual":
- if (is_array($squid_sync[row])) {
- $rs=$squid_sync[row];
- } else {
- log_error("[squid] xmlrpc sync is enabled but there is no hosts to push on squid config.");
- return;
- }
- break;
- case "auto":
- if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
- $system_carp=$config['installedpackages']['carpsettings']['config'][0];
- $rs[0]['ipaddress']=$system_carp['synchronizetoip'];
- $rs[0]['username']=$system_carp['username'];
- $rs[0]['password']=$system_carp['password'];
- } else {
- log_error("[squid] xmlrpc sync is enabled but there is no system backup hosts to push squid config.");
+ case "manual":
+ if (is_array($squid_sync['row'])) {
+ $rs = $squid_sync['row'];
+ } else {
+ log_error("[squid] XMLRPC sync is enabled but there is no hosts to push on Squid config.");
+ return;
+ }
+ break;
+ case "auto":
+ if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) {
+ $system_carp = $config['installedpackages']['carpsettings']['config'][0];
+ $rs[0]['ipaddress'] = $system_carp['synchronizetoip'];
+ $rs[0]['username'] = $system_carp['username'];
+ $rs[0]['password'] = $system_carp['password'];
+ } else {
+ log_error("[squid] XMLRPC sync is enabled but there is no system backup hosts to push Squid config.");
+ return;
+ }
+ break;
+ default:
return;
- }
- break;
- default:
- return;
- break;
+ break;
}
if (is_array($rs)) {
- log_error("[squid] xmlrpc sync is starting.");
+ log_error("[squid] XMLRPC sync is starting.");
foreach ($rs as $sh) {
$sync_to_ip = $sh['ipaddress'];
$password = $sh['password'];
- if ($sh['username'])
+ if ($sh['username']) {
$username = $sh['username'];
- else
+ } else {
$username = 'admin';
- if ($password && $sync_to_ip)
- squid_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout);
+ }
+ if ($password && $sync_to_ip) {
+ squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout);
+ }
}
- log_error("[squid] xmlrpc sync is ending.");
+ log_error("[squid] XMLRPC sync is ending.");
}
}
}
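Review bot: In the `foreach ($rs as $sh)` loop a target with an empty password or IP address is skipped without any log entry, so the log shows "sync is starting" and "sync is ending" even when nothing was pushed. Adding `} else { log_error("[squid] XMLRPC sync skipped a target with no IP address or password."); }` after the `if ($password && $sync_to_ip)` block would make a misconfigured sync target visible. The `break;` after `return;` in the `default` case is unreachable and can be removed.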
@@ -2411,17 +2444,21 @@ function squid_sync_on_changes() {
function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
global $config, $g;
- if (!$username)
+ if (!$username) {
return;
+ }
- if (!$password)
+ if (!$password) {
return;
+ }
- if (!$sync_to_ip)
+ if (!$sync_to_ip) {
return;
+ }
- if (!$synctimeout)
- $synctimeout=250;
+ if (!$synctimeout) {
+ $synctimeout = 250;
+ }
$xmlrpc_sync_neighbor = $sync_to_ip;
@@ -2430,7 +2467,7 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$synchronizetoip .= "://";
}
$port = $config['system']['webgui']['port'];
- /* if port is empty lets rely on the protocol selection */
+ /* If port is empty let's rely on the protocol selection */
if ($port == "") {
if ($config['system']['webgui']['protocol'] == "http")
$port = "80";
@@ -2439,12 +2476,12 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
}
$synchronizetoip .= $sync_to_ip;
- /* xml will hold the sections to sync */
+ /* XML will hold the sections to sync */
$xml = array();
$xml['squid'] = $config['installedpackages']['squid'];
$xml['squidupstream'] = $config['installedpackages']['squidupstream'];
$xml['squidcache'] = $config['installedpackages']['squidcache'];
- $xml['squidantivirus'] = $config['installedpackages']['squidanitivirus'];
+ $xml['squidantivirus'] = $config['installedpackages']['squidantivirus'];
$xml['squidnac'] = $config['installedpackages']['squidnac'];
$xml['squidtraffic'] = $config['installedpackages']['squidtraffic'];
$xml['squidreversegeneral'] = $config['installedpackages']['squidreversegeneral'];
@@ -2452,64 +2489,65 @@ function squid_do_xmlrpc_sync($sync_to_ip, $username, $password, $synctimeout) {
$xml['squidreverseuri'] = $config['installedpackages']['squidreverseuri'];
$xml['squidauth'] = $config['installedpackages']['squidauth'];
$xml['squidusers'] = $config['installedpackages']['squidusers'];
- /* assemble xmlrpc payload */
+ /* Assemble XMLRPC payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($xml)
);
- /* set a few variables needed for sync code borrowed from filter.inc */
+ /* Set a few variables needed for sync */
$url = $synchronizetoip;
- log_error("[Squid] Beginning squid XMLRPC sync to {$url}:{$port}.");
+ log_error("[squid] Beginning Squid XMLRPC sync to {$url}:{$port}.");
$method = 'pfsense.merge_installedpackages_section_xmlrpc';
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
- if ($g['debug'])
+ if ($g['debug']) {
$cli->setDebug(1);
- /* send our XMLRPC message and timeout after defined sync timeout value*/
+ }
+ /* Send our XMLRPC message and timeout after defined sync timeout value*/
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting squid XMLRPC sync with {$url}:{$port}.";
+ $error = "A communication error occurred while attempting Squid XMLRPC sync with {$url}:{$port}.";
log_error($error);
- file_notice("sync_settings", $error, "squid Settings Sync", "");
+ file_notice("sync_settings", $error, "Squid Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ $error = "An error code was received while attempting Squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
- file_notice("sync_settings", $error, "squid Settings Sync", "");
+ file_notice("sync_settings", $error, "Squid Settings Sync", "");
} else {
- log_error("[Squid] XMLRPC sync successfully completed with {$url}:{$port}.");
+ log_error("[squid] XMLRPC sync successfully completed with {$url}:{$port}.");
}
- /* tell squid to reload our settings on the destination sync host. */
+ /* Tell Squid to reload our settings on the destination sync host. */
$method = 'pfsense.exec_php';
- $execcmd = "require_once('/usr/local/pkg/squid.inc');\n";
+ $execcmd = "require_once('/usr/local/pkg/squid.inc');\n";
$execcmd .= "squid_resync('yes');";
- /* assemble xmlrpc payload */
+ /* Assemble XMLRPC payload */
$params = array(
XML_RPC_encode($password),
XML_RPC_encode($execcmd)
);
- log_error("[Squid] XMLRPC reload data {$url}:{$port}.");
+ log_error("[squid] XMLRPC reload data {$url}:{$port}.");
$msg = new XML_RPC_Message($method, $params);
$cli = new XML_RPC_Client('/xmlrpc.php', $url, $port);
$cli->setCredentials($username, $password);
$resp = $cli->send($msg, $synctimeout);
if (!$resp) {
- $error = "A communications error occurred while attempting squid XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
+ $error = "A communication error occurred while attempting Squid XMLRPC sync with {$url}:{$port} (pfsense.exec_php).";
log_error($error);
- file_notice("sync_settings", $error, "squid Settings Sync", "");
+ file_notice("sync_settings", $error, "Squid Settings Sync", "");
} elseif ($resp->faultCode()) {
$cli->setDebug(1);
$resp = $cli->send($msg, $synctimeout);
- $error = "[Squid] An error code was received while attempting squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
+ $error = "[Squid] An error code was received while attempting Squid XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString();
log_error($error);
- file_notice("sync_settings", $error, "squid Settings Sync", "");
+ file_notice("sync_settings", $error, "Squid Settings Sync", "");
} else {
- log_error("squid XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
+ log_error("Squid XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php).");
}
}
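Review bot: In both `elseif ($resp->faultCode())` branches the request is sent a second time with `setDebug(1)`, and the error text is then built from that second response without checking it. If the re-send fails at transport level `$resp` is falsy, which the `if (!$resp)` branch above shows can happen, and `$resp->faultCode()` becomes a call on a non-object; the re-send also repeats a payload that carries `$password`, with client debugging on. I would build `$error` from the first response and drop the two lines `$cli->setDebug(1);` and `$resp = $cli->send($msg, $synctimeout);` in each branch. The log prefixes are also still mixed: one `$error` string keeps `[Squid]` and the final success message has no prefix. The function starts before this hunk.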
diff --git a/config/squid3/34/squid.priv.inc b/config/squid3/34/squid.priv.inc
new file mode 100644
index 00000000..66607c86
--- /dev/null
+++ b/config/squid3/34/squid.priv.inc
@@ -0,0 +1,63 @@
+<?php
+/*
+ squid.priv.inc
+ part of pfSense (http://www.pfSense.org/)
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $priv_list;
+
+$priv_list['page-services-squid3'] = array();
+$priv_list['page-services-squid3']['name'] = "WebCfg - Services: Squid3 package";
+$priv_list['page-services-squid3']['descr'] = "Allow access to Squid3 package GUI";
+$priv_list['page-services-squid3']['match'] = array();
+
+$priv_list['page-services-squid3']['match'][] = "pkg.php?xml=squid_reverse_peer.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg.php?xml=squid_reverse_redir.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg.php?xml=squid_reverse_uri.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg.php?xml=squid_upstream.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg.php?xml=squid_users.xml*";
+
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_antivirus.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_auth.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_cache.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_nac.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_reverse.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_reverse_general.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_reverse_peer.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_reverse_redir.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_reverse_sync.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_reverse_uri.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_sync.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_traffic.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_upstream.xml*";
+$priv_list['page-services-squid3']['match'][] = "pkg_edit.php?xml=squid_users.xml*";
+
+$priv_list['page-services-squid3']['match'][] = "shortcuts/pkg_squid.inc*";
+$priv_list['page-services-squid3']['match'][] = "squid_monitor.php*";
+$priv_list['page-services-squid3']['match'][] = "squid_monitor_data.php*";
+$priv_list['page-services-squid3']['match'][] = "squid_log_parser.php*";
+
+?>
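Review bot: A single privilege, `page-services-squid3`, covers every page of the package, so a user who is only meant to watch `squid_monitor.php` also gets `pkg_edit.php?xml=squid_sync.xml*` and `pkg_edit.php?xml=squid_users.xml*`. The sync settings appear to hold the remote host passwords that `squid_sync_on_changes()` reads, so that is a wide grant for a read-only role. I would add a second entry, for example `$priv_list['page-services-squid3-monitor']`, that matches only `squid_monitor.php*`, `squid_monitor_data.php*` and `squid_log_parser.php*`. The closing `?>` on the last line can also go, which avoids stray output from trailing whitespace in an included file.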
diff --git a/config/squid3/34/squid.xml b/config/squid3/34/squid.xml
index 96f2610c..ded59d42 100644
--- a/config/squid3/34/squid.xml
+++ b/config/squid3/34/squid.xml
@@ -2,62 +2,58 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squid</name>
- <version>0.2.8</version>
- <title>Proxy server: General settings</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: General Settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<menu>
- <name>Proxy server</name>
- <tooltiptext>Modify the proxy server's settings</tooltiptext>
+ <name>Squid Proxy Server</name>
+ <tooltiptext>Modify the proxy server settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</menu>
<menu>
- <name>Reverse Proxy</name>
- <tooltiptext>Modify the proxy reverse server's settings</tooltiptext>
+ <name>Squid Reverse Proxy</name>
+ <tooltiptext>Modify the reverse proxy server settings</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
</menu>
@@ -65,19 +61,19 @@
<name>squid</name>
<rcfile>squid.sh</rcfile>
<executable>squid</executable>
- <description>Proxy server Service</description>
+ <description>Squid Proxy Server Service</description>
</service>
<service>
<name>clamd</name>
<rcfile>clamav-clamd</rcfile>
<executable>clamd</executable>
- <description>Clamav Antivirus</description>
+ <description>ClamAV Antivirus</description>
</service>
<service>
<name>c-icap</name>
<rcfile>c-icap</rcfile>
<executable>c-icap</executable>
- <description>Icap inteface for squid and clamav integration</description>
+ <description>ICAP Inteface for Squid and ClamAV integration</description>
</service>
<tabs>
<tab>
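Review bot: The new description for the `c-icap` service still contains a typo, `Inteface`. It should read `<description>ICAP Interface for Squid and ClamAV integration</description>`.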
@@ -114,7 +110,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -122,143 +118,140 @@
<url>/pkg_edit.php?xml=squid_sync.xml</url>
</tab>
</tabs>
- <!-- Installation -->
+ <!-- START INC files -->
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_peer.xml</item>
+ <prefix>/usr/local/www/shortcuts/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_uri.xml</item>
+ <prefix>/etc/inc/priv/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid.priv.inc</item>
</additional_files_needed>
+ <!-- END INC files -->
+ <!-- START XML files -->
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_sync.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_auth.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_cache.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/pkg/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_nac.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_traffic.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_upstream.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_general.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_peer.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse.inc</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_redir.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_auth.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_users.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_uri.xml</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_antivirus.xml</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_sync.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/sqpmon.sh</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_traffic.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/swapstate_check.php</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_upstream.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_reverse_redir.xml</item>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_users.xml</item>
</additional_files_needed>
+ <!-- END XML files -->
+ <!-- START additional PHP files -->
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/www/</prefix>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
+ </additional_files_needed>
+ <additional_files_needed>
+ <prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_monitor.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
+ <prefix>/usr/local/www/</prefix>
<item>https://packages.pfsense.org/packages/config/squid3/34/squid_monitor_data.php</item>
</additional_files_needed>
+ <!-- END additional PHP files -->
+ <!-- START executable CLI scripts -->
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item>
+ <prefix>/usr/local/bin/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/check_ip.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/squid_clwarn.php</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/sqpmon.sh</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/www/shortcuts/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/pkg_squid.inc</item>
+ <prefix>/usr/local/www/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/squid_log_parser.php</item>
</additional_files_needed>
<additional_files_needed>
- <prefix>/usr/local/bin/</prefix>
- <chmod>0755</chmod>
- <item>https://packages.pfsense.org/packages/config/squid3/34/check_ip.php</item>
+ <prefix>/usr/local/pkg/</prefix>
+ <chmod>0755</chmod>
+ <item>https://packages.pfsense.org/packages/config/squid3/34/swapstate_check.php</item>
</additional_files_needed>
+ <!-- END executable CLI scripts -->
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
<name>Squid General Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Proxy interface(s)</fielddescr>
+ <fielddescr>Proxy Interface(s)</fielddescr>
<fieldname>active_interface</fieldname>
- <description>The interface(s) the proxy server will bind to.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the proxy server will bind to.<br/>
+ <strong>Note: Use CTRL + click to select multiple interfaces.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
<multiple/>
</field>
<field>
- <fielddescr>Proxy port</fielddescr>
+ <fielddescr>Proxy Port</fielddescr>
<fieldname>proxy_port</fieldname>
<description>This is the port the proxy server will listen on.</description>
<type>input</type>
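Review bot: `squid_log_parser.php` is listed under the new `executable CLI scripts` group with `<chmod>0755</chmod>` but is still installed to `/usr/local/www/`, the same prefix used for the GUI pages above it. If that directory is served by the web GUI, a script meant for command-line use can also be requested over HTTP; the other CLI entries go to `/usr/local/bin/` or `/usr/local/pkg/`. Unless something requires the web path, `<prefix>/usr/local/pkg/</prefix>` would match `swapstate_check.php`, with the callers in squid.inc (not visible here) updated to the new location.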
@@ -267,44 +260,71 @@
<default_value>3128</default_value>
</field>
<field>
- <fielddescr>ICP port</fielddescr>
+ <fielddescr>ICP Port</fielddescr>
<fieldname>icp_port</fieldname>
- <description>This is the port the Proxy Server will send and receive ICP queries to and from neighbor caches. Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.</description>
+ <description>
+ <![CDATA[
+ This is the port the proxy server will send and receive ICP queries to and from neighbor caches.<br/>
+ Leave this blank if you don't want the proxy server to communicate with neighbor caches through ICP.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
</field>
<field>
- <fielddescr>Allow users on interface</fielddescr>
+ <fielddescr>Allow Users on Interface</fielddescr>
<fieldname>allow_interface</fieldname>
- <description>If this field is checked, the users connected to the interface selected in the 'Proxy interface' field will be allowed to use the proxy, i.e., there will be no need to add the interface's subnet to the list of allowed subnets. This is just a shortcut.</description>
+ <description>
+ <![CDATA[
+ If checked, the users connected to the interface(s) selected in the 'Proxy interface(s)' field will be allowed to use the proxy.<br/>
+ There will be no need to add the interface's subnet to the list of allowed subnets.
+ ]]>
+ </description>
<type>checkbox</type>
- <required/>
<default_value>on</default_value>
</field>
<field>
- <fielddescr>Patch captive portal</fielddescr>
+ <fielddescr>Patch Captive Portal</fielddescr>
<fieldname>patch_cp</fieldname>
- <description><![CDATA[Enable this option to force captive portal to non transparent proxy users.<br>
- <strong>NOTE:</strong> You may need to reapply captive portal config after changing this option.]]></description>
+ <description>
+ <![CDATA[
+ Enable this option to force Captive Portal to non transparent proxy users.<br/>
+ <strong>Note:</strong> You may need to reapply Captive Portal settings after changing this option.<br/>
+ <strong><span class="errmsg">Warning:</span> This alters /etc/inc/captiveportal.inc file! USE WITH CAUTION!</strong> (A backup is made available under /root directory.)
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Resolv dns v4 first</fielddescr>
+ <fielddescr>Resolve DNS IPv4 First</fielddescr>
<fieldname>dns_v4_first</fieldname>
- <description><![CDATA[Enable this option to force dns v4 lookup first. This option is very usefull if you have problems to access https sites.]]></description>
+ <description>
+ <![CDATA[
+ Enable this to force DNS IPv4 lookup first. This option is very useful if you have problems accessing HTTPS sites.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Disable ICMP</fielddescr>
<fieldname>disable_pinger</fieldname>
- <description><![CDATA[Enable this option to disable squid ICMP pinger helper.]]></description>
+ <description>
+ <![CDATA[
+ Check this to disable Squid ICMP pinger helper.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr>
+ <fielddescr>Use Alternate DNS Servers for the Proxy Server</fielddescr>
<fieldname>dns_nameservers</fieldname>
- <description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description>
+ <description>
+ <![CDATA[
+ If you want to use DNS servers other than the DNS forwarder/resolver configured in pfSense, enter the IP(s) here.<br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
</field>
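Review bot: The new `patch_cp` warning says a backup of `/etc/inc/captiveportal.inc` is placed under `/root` but does not name the file, so an administrator who has to roll the patch back cannot tell which file to restore. Naming it in the text would help, e.g. `(A backup is saved as /root/<BACKUP_FILENAME>.)`, with the real name taken from the patching code in squid.inc, which is not visible in this hunk. It would also be worth saying whether unchecking the option restores the original file.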
@@ -313,59 +333,88 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Transparent HTTP proxy</fielddescr>
+ <fielddescr>Transparent HTTP Proxy</fielddescr>
<fieldname>transparent_proxy</fieldname>
- <description><![CDATA[Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration necessary.<br>
- <strong>NOTE:</strong> Transparent mode will filter ssl(port 443) if enable men-in-the-middle options below.<br>
- To filter both http and https protocol without intercepting ssl connections, enable WPAD/PAC options on your dns/dhcp.]]></description>
+ <description>
+ <![CDATA[
+ Enable transparent mode to forward all requests for destination port 80 to the proxy server without any additional configuration being necessary.<br/>
+ <strong>Note:</strong> Transparent mode will filter SSL (port 443) if you enable man-in-the-middle options below.<br/>
+ In order to proxy both HTTP and HTTPS protocols without intercepting SSL connections, configure WPAD/PAC options on your DNS/DHCP servers.
+ ]]>
+ </description>
<type>checkbox</type>
- <enablefields>transparent_active_interface,private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
- <required/>
+ <enablefields>transparent_active_interface,private_subnet_proxy_off,defined_ip_proxy_off,defined_ip_proxy_off_dest</enablefields>
</field>
<field>
- <fielddescr>Transparent Proxy interface(s)</fielddescr>
+ <fielddescr>Transparent Proxy Interface(s)</fielddescr>
<fieldname>transparent_active_interface</fieldname>
- <description>The interface(s) the proxy server will transparent intercept requests.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the proxy server will transparently intercept requests on.<br/>
+ <strong>Note: Use CTRL + click to select multiple interfaces.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
<multiple/>
</field>
<field>
- <fielddescr>Bypass proxy for Private Address destination</fielddescr>
+ <fielddescr>Bypass Proxy for Private Address Destination</fielddescr>
<fieldname>private_subnet_proxy_off</fieldname>
- <description>Do not forward traffic to Private Address Space (RFC 1918) &lt;b&gt;destination&lt;/b&gt; through the proxy server but directly through the firewall.</description>
+ <description>
+ <![CDATA[
+ Do not forward traffic to Private Address Space (RFC 1918) <strong>destinations</strong> through the proxy server but let is pass directly through the firewall.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Bypass proxy for these source IPs</fielddescr>
+ <fielddescr>Bypass Proxy for These Source IPs</fielddescr>
<fieldname>defined_ip_proxy_off</fieldname>
- <description>Do not forward traffic from these &lt;b&gt;source&lt;/b&gt; IPs, CIDR nets, hostnames, or aliases through the proxy server but directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]</description>
+ <description>
+ <![CDATA[
+ Do not forward traffic from these <strong>source</strong> IPs, CIDR nets, hostnames, or aliases through the proxy server but let it pass directly through the firewall.
+ (Applies only to transparent mode.)<br/><br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
- <size>70</size>
+ <size>70</size>
</field>
<field>
- <fielddescr>Bypass proxy for these destination IPs</fielddescr>
+ <fielddescr>Bypass Proxy for These Destination IPs</fielddescr>
<fieldname>defined_ip_proxy_off_dest</fieldname>
- <description>Do not proxy traffic going to these &lt;b&gt;destination&lt;/b&gt; IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall. Separate by semi-colons (;). [Applies only to transparent mode]</description>
+ <description>
+ <![CDATA[
+ Do not proxy traffic going to these <strong>destination</strong> IPs, CIDR nets, hostnames, or aliases, but let it pass directly through the firewall.<br/>
+ (Applies only to transparent mode.)<br/><br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
- <size>70</size>
+ <size>70</size>
</field>
<field>
- <name>SSL man in the middle Filtering</name>
+ <name>SSL Man In the Middle Filtering</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>HTTPS/SSL interception</fielddescr>
<fieldname>ssl_proxy</fieldname>
- <description><![CDATA[Enable SSL filtering.]]></description>
+ <description>Enable SSL filtering.</description>
<type>checkbox</type>
- <enablefields>ssl_active_interface,dcert,sslcrtd_children,ssl_proxy_port,interception_checks</enablefields>
+ <enablefields>ssl_active_interface,dca,sslcrtd_children,ssl_proxy_port,interception_checks</enablefields>
</field>
<field>
- <fielddescr>SSL Intercept interface(s)</fielddescr>
+ <fielddescr>SSL Intercept Interface(s)</fielddescr>
<fieldname>ssl_active_interface</fieldname>
- <description>The interface(s) the proxy server will intercept ssl requests.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the proxy server will intercept SSL requests on.<br/>
+ <strong>Note: Use CTRL + click to select multiple interfaces.</strong>
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>lan</default_value>
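Review bot: The updated `<enablefields>` on `ssl_proxy` corrects `dcert` to `dca` but still omits `interception_adapt`, which sits in the same SSL section in the next hunk. As written, the Certificate Adapt selector would presumably stay editable while HTTPS/SSL interception is unchecked, unlike the other five SSL fields. If that is not intentional, extend the list: `<enablefields>ssl_active_interface,dca,sslcrtd_children,ssl_proxy_port,interception_checks,interception_adapt</enablefields>`.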
@@ -374,7 +423,7 @@
<field>
<fielddescr>SSL Proxy port</fielddescr>
<fieldname>ssl_proxy_port</fieldname>
- <description>This is the port the proxy server will listen on to intercept ssl while using transparent proxy.</description>
+ <description>This is the port the proxy server will listen on to intercept SSL while using transparent proxy.</description>
<type>input</type>
<size>5</size>
<default_value>3129</default_value>
@@ -382,44 +431,62 @@
<field>
<fielddescr>CA</fielddescr>
<fieldname>dca</fieldname>
- <description><![CDATA[Select Certificate Authority to use when SSL interception is enabled.<br>
- To create a CA on pfsense, go to <strong>system -> Cert Manager<strong><br>
- Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.]]></description>
- <type>select_source</type>
+ <description>
+ <![CDATA[
+ Select Certificate Authority to use when SSL interception is enabled.<br/>
+ To create a CA on pfSense, go to <strong>System -> Cert Manager</strong>.<br/>
+ Install the CA certificate as a Trusted Root CA on each computer you want to filter SSL on to avoid SSL error on each connection.
+ ]]>
+ </description>
+ <type>select_source</type>
<source><![CDATA[$config['ca']]]></source>
<source_name>descr</source_name>
<source_value>refid</source_value>
</field>
<field>
- <fielddescr>sslcrtd children</fielddescr>
+ <fielddescr>SSL Certificate Deamon Children</fielddescr>
<fieldname>sslcrtd_children</fieldname>
- <description><![CDATA[This is the number of ssl crt deamon children to start. Default value is 5.<br>
- if Squid is used in busy environments this may need to be increased, as well as the number of 'sslcrtd_children']]></description>
+ <description>
+ <![CDATA[
+ This is the number of SSL certificate deamon children to start. If Squid is used in busy environments, this may need to be increased.<br/>
+ Default: 5
+ ]]>
+ </description>
<type>input</type>
<size>2</size>
<default_value>5</default_value>
</field>
<field>
- <fielddescr>Remote Cert checks</fielddescr>
+ <fielddescr>Remote Cert Checks</fielddescr>
<fieldname>interception_checks</fieldname>
- <description><![CDATA[Select remote ssl cert checks to do.<br>Defaul is to do not select any of these options.]]></description>
- <type>select</type>
- <options>
- <option><name>Accept remote server certificate Erros</name><value>sslproxy_cert_error</value></option>
+ <description>
+ <![CDATA[
+ Select remote SSL certificate checks to perform.<br/>
+ Note: Use CTRL + click to select multiple options.<br/>
+ ]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option><name>Accept remote server certificate with errors</name><value>sslproxy_cert_error</value></option>
<option><name>Do not verify remote certificate</name><value>sslproxy_flags</value></option>
- </options>
- <multiple/>
- <size>3</size>
+ </options>
+ <multiple/>
+ <size>3</size>
</field>
<field>
- <fielddescr>Certificate adapt</fielddescr>
+ <fielddescr>Certificate Adapt</fielddescr>
<fieldname>interception_adapt</fieldname>
- <description><![CDATA[Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br>Hint: Set subject CN<br><a target=_new href='http://wiki.squid-cache.org/Features/MimicSslServerCert'>wiki doc with reference</a>]]></description>
+ <description>
+ <![CDATA[
+ Pass original SSL server certificate information to the user. Allow the user to make an informed decision on whether to trust the server certificate.<br/>
+ Hint: Set the subject CN - see <a href="http://wiki.squid-cache.org/Features/MimicSslServerCert">fake certificate properties documentation</a> for details.
+ ]]>
+ </description>
<type>select</type>
<options>
- <option><name>Sets the "Not After" (setValidAfter).</name><value>setValidAfter</value></option>
- <option><name>Sets the "Not Before" (setValidBefore).</name><value>setValidBefore</value></option>
- <option><name>Sets CN property (setCommonName)</name><value>setCommonName</value></option>
+ <option><name>Sets the "Not After" (setValidAfter)</name><value>setValidAfter</value></option>
+ <option><name>Sets the "Not Before" (setValidBefore)</name><value>setValidBefore</value></option>
+ <option><name>Sets CN property (setCommonName)</name><value>setCommonName</value></option>
</options>
<multiple/>
<size>3</size>
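Review bot: The new `interception_checks` description drops the old sentence saying the default is to select neither option, and it adds no warning, although both choices (`sslproxy_cert_error`, `sslproxy_flags`) relax validation of the upstream server certificate. With interception on, clients only see the proxy-issued certificate, so an invalid or spoofed origin certificate accepted here is invisible to them. I would keep the default statement and add a line in the style used elsewhere in this file, e.g. `<strong><span class="errmsg">Warning:</span> Both options weaken remote certificate validation; leave them unselected unless required.</strong>`. The description also ends with a trailing `<br/>` that can go.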
@@ -429,38 +496,49 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enabled logging</fielddescr>
+ <fielddescr>Enable Logging</fielddescr>
<fieldname>log_enabled</fieldname>
- <description>This will enable the access log. Don't switch this on if you don't have much disk space left.</description>
+ <description>
+ <![CDATA[
+ This will enable the access log.
+ <strong>Warning:</strong> Do not switch this on if you don't have much disk space left.
+ ]]>
+ </description>
<type>checkbox</type>
- <enablefields>log_query_terms,log_user_agents</enablefields>
+ <enablefields>log_dir,log_rotate</enablefields>
</field>
<field>
- <fielddescr>Log store directory</fielddescr>
+ <fielddescr>Log Store Directory</fielddescr>
<fieldname>log_dir</fieldname>
- <description>The directory where the log will be stored (note: do not end with a / mark)</description>
+ <description>
+ <![CDATA[
+ The directory where the log will be stored.<br/>
+ Default: /var/squid/logs<br/>
+ <strong>Note: Do NOT include the trailing / when setting a custom location.</strong>
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
<required/>
<default_value>/var/squid/logs</default_value>
</field>
<field>
- <fielddescr>Log rotate</fielddescr>
+ <fielddescr>Rotate Logs</fielddescr>
<fieldname>log_rotate</fieldname>
<description>Defines how many days of logfiles will be kept. Rotation is disabled if left empty.</description>
<type>input</type>
<size>5</size>
</field>
<field>
- <fielddescr>Visible hostname</fielddescr>
+ <fielddescr>Visible Hostname</fielddescr>
<fieldname>visible_hostname</fieldname>
- <description>This is the URL to be displayed in proxy server error messages.</description>
+ <description>This is the hostname to be displayed in proxy server error messages.</description>
<type>input</type>
<size>60</size>
<default_value>localhost</default_value>
</field>
<field>
- <fielddescr>Administrator email</fielddescr>
+ <fielddescr>Administrator's Email</fielddescr>
<fieldname>admin_email</fieldname>
<description>This is the email address displayed in error messages to the users.</description>
<type>input</type>
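Review bot: In the new `log_enabled` description the first sentence has no `<br/>` before the `<strong>Warning:</strong>` line, so inside CDATA the two will render as one run-on line. The other rewritten descriptions break before their notes. Add `<br/>` after `This will enable the access log.`. The `uri_whitespace` description in a later hunk has the same problem on all five option lines, where the old text separated them with `<p>`.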
@@ -468,16 +546,71 @@
<default_value>admin@localhost</default_value>
</field>
<field>
- <fielddescr>Language</fielddescr>
+ <fielddescr>Error Language</fielddescr>
<fieldname>error_language</fieldname>
<description>Select the language in which the proxy server will display error messages to users.</description>
<type>select</type>
<default_value>en</default_value>
+ <options>
+ <option><name>af</name><value>af</value></option>
+ <option><name>ar</name><value>ar</value></option>
+ <option><name>az</name><value>az</value></option>
+ <option><name>bg</name><value>bg</value></option>
+ <option><name>ca</name><value>ca</value></option>
+ <option><name>cs</name><value>cs</value></option>
+ <option><name>da</name><value>da</value></option>
+ <option><name>de</name><value>de</value></option>
+ <option><name>el</name><value>el</value></option>
+ <option><name>en</name><value>en</value></option>
+ <option><name>es</name><value>es</value></option>
+ <option><name>et</name><value>et</value></option>
+ <option><name>fa</name><value>fa</value></option>
+ <option><name>fi</name><value>fi</value></option>
+ <option><name>fr</name><value>fr</value></option>
+ <option><name>he</name><value>he</value></option>
+ <option><name>hu</name><value>hu</value></option>
+ <option><name>hy</name><value>hy</value></option>
+ <option><name>id</name><value>id</value></option>
+ <option><name>it</name><value>it</value></option>
+ <option><name>ja</name><value>ja</value></option>
+ <option><name>ko</name><value>ko</value></option>
+ <option><name>lt</name><value>lt</value></option>
+ <option><name>lv</name><value>lv</value></option>
+ <option><name>ms</name><value>ms</value></option>
+ <option><name>nl</name><value>nl</value></option>
+ <option><name>oc</name><value>oc</value></option>
+ <option><name>pl</name><value>pl</value></option>
+ <option><name>pt</name><value>pt</value></option>
+ <option><name>pt-br</name><value>pt-br</value></option>
+ <option><name>ro</name><value>ro</value></option>
+ <option><name>ru</name><value>ru</value></option>
+ <option><name>sk</name><value>sk</value></option>
+ <option><name>sl</name><value>sl</value></option>
+ <option><name>sr-cyrl</name><value>sr-cyrl</value></option>
+ <option><name>sr-latn</name><value>sr-latn</value></option>
+ <option><name>sv</name><value>sv</value></option>
+ <option><name>th</name><value>th</value></option>
+ <option><name>tr</name><value>tr</value></option>
+ <option><name>uk</name><value>uk</value></option>
+ <option><name>uz</name><value>uz</value></option>
+ <option><name>vi</name><value>vi</value></option>
+ <option><name>zh-cn</name><value>zh-cn</value></option>
+ <option><name>zh-tw</name><value>zh-tw</value></option>
+ </options>
</field>
<field>
- <fielddescr>X-Forward Mode</fielddescr>
+ <fielddescr>X-Forwarded Header Mode</fielddescr>
<fieldname>xforward_mode</fieldname>
- <description>&lt;p&gt;&lt;b&gt; on:&lt;/b&gt; Squid will append your client's IP address in the HTTP requests it forwards. (Default)&lt;p&gt; By default it looks like: X-Forwarded-For: 192.1.2.3 &lt;p&gt; &lt;b&gt; off:&lt;/b&gt; It will appear as: X-Forwarded-For: unknown&lt;p&gt; &lt;b&gt; transparent:&lt;/b&gt; Squid will not alter the X-Forwarded-For header in any way.&lt;p&gt; &lt;b&gt; delete:&lt;/b&gt; Squid will delete the entire X-Forwarded-For header.&lt;p&gt; &lt;b&gt; truncate:&lt;/b&gt; Squid will remove all existing X-Forwarded-For entries, and place the client IP as the sole entry.</description>
+ <description>
+ <![CDATA[
+ <strong>on:</strong> Squid will append your client's IP address in the HTTP requests it forwards. The header looks like: X-Forwarded-For: 192.1.2.3.<br/>
+ <strong>off:</strong> Squid will NOT append your client's IP address in the HTTP requests it forwards. The header looks like: X-Forwarded-For: unknown<br/>
+ <strong>transparent:</strong> Squid will not alter the X-Forwarded-For header in any way.<br/>
+ <strong>delete:</strong> Squid will delete the entire X-Forwarded-For header.<br/>
+ <strong>truncate:</strong> Squid will remove all existing X-Forwarded-For header entries and place the client's IP address as the only header entry.<br/><br/>
+ Default: on
+ ]]>
+ </description>
<type>select</type>
<default_value>on</default_value>
<options>
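Review bot: The `xforward_mode` description now states `Default: on` but does not say what that means for privacy: with `on`, every origin server receives the internal client address in `X-Forwarded-For`. A short sentence would let administrators choose deliberately, e.g. `Note: 'on' discloses internal client IP addresses to the servers being accessed; use 'delete' or 'off' to avoid this.`. The `<options>` block for this field continues outside the hunk.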
@@ -489,26 +622,39 @@
</options>
</field>
<field>
- <fielddescr>Disable VIA</fielddescr>
+ <fielddescr>Disable VIA Header</fielddescr>
<fieldname>disable_via</fieldname>
<description>If not set, Squid will include a Via header in requests and replies as required by RFC2616.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Log denied pages by squidguard</fielddescr>
+ <fielddescr>Log Pages Denied by SquidGuard</fielddescr>
<fieldname>log_sqd</fieldname>
- <description><![CDATA[Enable squidguard denied log to be included on squid logs.<br>
- <strong>Note:</strong> This option only will work if you include this code on your sgerror.php file to force client browser send a second request to squid with denied string on url.<br><br>
- $sge_prefix=(preg_match("/\?/",$cl['u'])?"&":"?");<br>
- $str[] = '< iframe > src="'.$cl['u'].$sge_prefix.'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';<br><br>
- removing extra space on iframe html code.]]></description>
+ <description>
+ <![CDATA[
+ Makes it possible for SquidGuard denied log to be included on Squid logs.<br/>
+ <strong>Note: This option will only work if you include the code below in your sgerror.php file.</strong><br/>
+ This forces the client browser to send a second request to Squid with the denied string in URL.<br/><br/>
+ $sge_prefix = (preg_match("/\?/", $cl['u']) ? "&" : "?");<br/>
+ $str[] = '< iframe > src="'. $cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED" width="1" height="1" > < /iframe >';<br/><br/>
+ <strong>Hint: You MUST remove extra spaces in the above iframe HTML tags.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>What to do with requests that have whitespace characters in the URI</fielddescr>
+ <fielddescr>URI Whitespace Characters Handling</fielddescr>
<fieldname>uri_whitespace</fieldname>
- <description>&lt;b&gt; strip:&lt;/b&gt; The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. &lt;p&gt; &lt;b&gt; deny:&lt;/b&gt; The request is denied. The user receives an "Invalid Request" message.&lt;p&gt; &lt;b&gt; allow:&lt;/b&gt; The request is allowed and the URI is not changed. The whitespace characters remain in the URI.&lt;p&gt; &lt;b&gt; encode:&lt;/b&gt; The request is allowed and the whitespace characters are encoded according to RFC1738.&lt;p&gt; &lt;b&gt; chop:&lt;/b&gt; The request is allowed and the URI is chopped at the first whitespace.</description>
- <type>select</type>
+ <description>
+ <![CDATA[
+ <strong>strip:</strong> The whitespace characters are stripped out of the URI. This is the behavior recommended by RFC2396.
+ <strong>deny:</strong> The request is denied. The user receives an "Invalid Request" message.
+ <strong>allow:</strong> The request is allowed and the URI is not changed. The whitespace characters remain in the URI.
+ <strong>encode:</strong> The request is allowed and the whitespace characters are encoded according to RFC1738.
+ <strong>chop:</strong> The request is allowed and the URI is chopped at the first whitespace.
+ ]]>
+ </description>
+ <type>select</type>
<default_value>strip</default_value>
<options>
<option><name>strip</name><value>strip</value></option>
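Review bot: The `log_sqd` help text tells administrators to paste a snippet into sgerror.php that concatenates `$cl['u']` straight into an iframe `src` attribute. If `$cl['u']` is the client-requested URL, as the surrounding text suggests, it should be escaped before being written into HTML, e.g. `htmlspecialchars($cl['u'] . $sge_prefix . 'sgr=ACCESSDENIED')`. The sample also has a stray `>` after `iframe`, so removing the spaces as instructed leaves `src` outside the tag. The markup line should be corrected while the text is being reworked.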
@@ -521,45 +667,53 @@
<field>
<fielddescr>Suppress Squid Version</fielddescr>
<fieldname>disable_squidversion</fieldname>
- <description>If set, suppress Squid version string info in HTTP headers and HTML error pages.</description>
+ <description>Suppresses Squid version string info in HTTP headers and HTML error pages if enabled.</description>
<type>checkbox</type>
</field>
<field>
- <name>Custom Settings</name>
- <type>listtopic</type>
- </field>
- <field>
<fielddescr>Integrations</fielddescr>
<fieldname>custom_options</fieldname>
- <description><![CDATA[Squid options added from packages like squidguard or havp for squid integration.]]></description>
+ <description>
+ <![CDATA[
+ Squid options added from packages like SquidGuard or HAVP for Squid integration.
+ ]]>
+ </description>
<type>textarea</type>
<cols>78</cols>
<rows>5</rows>
+ <advancedfield/>
</field>
- <field>
- <fielddescr>Custom ACLS (Before_Auth)</fielddescr>
+ <field>
+ <fielddescr>Custom ACLS (Before Auth)</fielddescr>
<fieldname>custom_options_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration before authetication acls(if any).<br>
- <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <description>
+ <![CDATA[
+ Put your own custom options here, one per line. They'll be added to the configuration before authetication ACLS (if any).<br/>
+ <strong><span class="errmsg">Warning:</span> These need to be squid.conf native options, otherwise Squid will NOT work.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<cols>78</cols>
<rows>10</rows>
+ <advancedfield/>
</field>
- <field>
- <fielddescr>Custom ACLS (After_Auth)</fielddescr>
+ <field>
+ <fielddescr>Custom ACLS (After Auth)</fielddescr>
<fieldname>custom_options2_squid3</fieldname>
- <description><![CDATA[Put your own custom options here,one per line. They'll be added to the configuration after authetication definition(if any).<br>
- <strong>They need to be squid.conf native options, otherwise squid will NOT work.</strong>]]></description>
+ <description>
+ <![CDATA[
+ Put your own custom options here, one per line. They'll be added to the configuration after authentication definition (if any).<br/>
+ <strong><span class="errmsg">Warning:</span> These need to be squid.conf native options, otherwise Squid will NOT work.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<cols>78</cols>
<rows>10</rows>
+ <advancedfield/>
</field>
</fields>
- <custom_php_command_before_form>
- squid_before_form_general($pkg);
- </custom_php_command_before_form>
<custom_add_php_command>
squid_resync();
</custom_add_php_command>
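Review bot: The rewritten description for `custom_options_squid3` still carries the typo `authetication`, although the matching line for `custom_options2_squid3` in this hunk was corrected to `authentication`. I would change the line to `They'll be added to the configuration before authentication ACLs (if any).<br/>`, and use `ACLs` rather than `ACLS` in both `<fielddescr>` values. These two textareas are stored with `<encoding>base64</encoding>` while the `custom_options` field above them is not; if that difference is intentional, an XML comment saying why would help the next reader.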
@@ -568,18 +722,20 @@
</custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
- unlink_if_exists("/usr/local/etc/rc.d/squid");
</custom_php_resync_config_command>
<custom_php_install_command>
+ <![CDATA[
update_status("Checking Squid cache... One moment please...");
- update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
+ update_output_window("This operation may take quite some time, please be patient. Do not press stop or attempt to navigate away from this page during this process.");
squid_install_command();
- squid_resync();
exec("/bin/rm -f /usr/local/etc/rc.d/squid");
+ ]]>
</custom_php_install_command>
<custom_php_deinstall_command>
+ <![CDATA[
squid_deinstall_command();
exec("/bin/rm -f /usr/local/etc/rc.d/squid*");
+ ]]>
</custom_php_deinstall_command>
<filter_rules_needed>squid_generate_rules</filter_rules_needed>
</packagegui>
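Review bot: The deinstall command still shells out with a glob, `exec("/bin/rm -f /usr/local/etc/rc.d/squid*");`, which deletes every rc.d script whose name begins with `squid`. That may include scripts belonging to other packages, such as SquidGuard, which is named elsewhere in this diff. The line removed from the resync command already used `unlink_if_exists("/usr/local/etc/rc.d/squid");`; calling that helper with the exact file names this package installs avoids both the shell and the over-broad match, and the same applies to the `exec` kept in the install command. Separately, `squid_resync();` is dropped from the install command, so it is worth confirming that `squid_install_command()` regenerates the configuration itself. The `<packagegui>` element starts outside this hunk.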
diff --git a/config/squid3/34/squid_antivirus.xml b/config/squid3/34/squid_antivirus.xml
index c722598d..8d74eb2a 100755
--- a/config/squid3/34/squid_antivirus.xml
+++ b/config/squid3/34/squid_antivirus.xml
@@ -2,56 +2,52 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_antivirus.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_antivirus.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidantivirus</name>
- <version>none</version>
+ <version>0.3.5</version>
<title>Proxy server: Antivirus</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
- <tab>
- <text>General</text>
+ <tab>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
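Review bot: The rewritten header drops the `Based on m0n0wall` and `Copyright (C) 2003-2006 Manuel Kasper` lines, while clause 1 of the license text kept just below still requires source redistributions to retain the above copyright notice. If anything in this file still derives from m0n0wall, those lines should stay alongside the added `Copyright (C) 2015 ESF, LLC` line. The same removal is made in the squid_auth.xml and squid_cache.xml headers later in this diff. The `<tabs>` element continues outside the hunk.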
@@ -74,7 +70,6 @@
<tab>
<text>Traffic Mgmt</text>
<url>/pkg_edit.php?xml=squid_traffic.xml&amp;id=0</url>
-
</tab>
<tab>
<text>Authentication</text>
@@ -85,7 +80,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -93,36 +88,36 @@
<url>/pkg_edit.php?xml=squid_sync.xml</url>
</tab>
</tabs>
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
- <name>Clamav anti-virus integration using c-icap</name>
+ <name>ClamAV Anti-Virus Integration Using C-ICAP</name>
<type>listtopic</type>
</field>
- <field>
+ <field>
<fielddescr>Enable</fielddescr>
<fieldname>enable</fieldname>
- <description>Enable squid antivirus check using clamav.</description>
- <enablefields>max_check_size,Timeout,MaxKeepAliveRequests,KeepAliveTimeout,StartServers,MaxServers</enablefields>
+ <description>Enable Squid antivirus check using ClamAV.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Client forward options</fielddescr>
+ <fielddescr>Client Forward Options</fielddescr>
<fieldname>client_info</fieldname>
- <description><![CDATA[Select what client info to forward to clamav.]]></description>
- <type>select</type>
- <default_value>strip</default_value>
+ <description>
+ <![CDATA[
+ Select what client info to forward to ClamAV.
+ ]]>
+ </description>
+ <type>select</type>
+ <default_value>both</default_value>
<options>
- <option><name>Send Both client username and ip info(Default)</name><value>both</value></option>
+ <option><name>Send both client username and IP info (Default)</name><value>both</value></option>
<option><name>Send only client username</name><value>username</value></option>
- <option><name>Send only client ip</name><value>ip</value></option>
+ <option><name>Send only client IP</name><value>ip</value></option>
<option><name>Do not send client info</name><value>none</value></option>
</options>
</field>
<field>
- <name>Advanced options</name>
- <type>listtopic</type>
- </field>
- <field>
<fielddescr>squidclamav.conf</fielddescr>
<fieldname>squidclamav</fieldname>
<description>squidclamav.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description>
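Review bot: `<default_value>both</default_value>` makes forwarding of both the client username and the client IP the explicit default for `client_info`, and the description does not say that these identifiers leave Squid for another service. The old default `strip` matched none of the option values, so the backend presumably already fell back to `both`; that should be confirmed in squid.inc rather than assumed. I would spell the disclosure out in the description, for example `Select what client info (username, IP) Squid forwards to the ClamAV/c-icap service.`, so an administrator can pick `none` or a single identifier deliberately. The `squidclamav` field that follows continues outside the hunk.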
@@ -130,8 +125,9 @@
<encoding>base64</encoding>
<cols>75</cols>
<rows>15</rows>
+ <advancedfield/>
</field>
- <field>
+ <field>
<fielddescr>c-icap.conf</fielddescr>
<fieldname>c-icap_conf</fieldname>
<description>c-icap.conf file. Leave empty to load sample file. Edit only if you know what are you doing.</description>
@@ -139,6 +135,7 @@
<encoding>base64</encoding>
<cols>75</cols>
<rows>15</rows>
+ <advancedfield/>
</field>
<field>
<fielddescr>c-icap.magic</fielddescr>
@@ -148,6 +145,7 @@
<encoding>base64</encoding>
<cols>75</cols>
<rows>15</rows>
+ <advancedfield/>
</field>
</fields>
<custom_php_validation_command>
diff --git a/config/squid3/34/squid_auth.xml b/config/squid3/34/squid_auth.xml
index 7f54b156..e2bae945 100755
--- a/config/squid3/34/squid_auth.xml
+++ b/config/squid3/34/squid_auth.xml
@@ -2,53 +2,48 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_auth.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidauth</name>
- <version>none</version>
- <title>Proxy server: Authentication</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: Authentication</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
@@ -85,7 +80,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -99,7 +94,7 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Authentication method</fielddescr>
+ <fielddescr>Authentication Method</fielddescr>
<fieldname>auth_method</fieldname>
<description>Select an authentication method. This will allow users to be authenticated by local or external services.</description>
<type>select</type>
@@ -111,33 +106,38 @@
<option><name>LDAP</name><value>ldap</value></option>
<option><name>RADIUS</name><value>radius</value></option>
<option><name>Captive Portal</name><value>cp</value></option>
- <option><name>NT domain</name><value>msnt</value></option>
+ <option><name>NT Domain</name><value>msnt</value></option>
</options>
<onchange>on_auth_method_changed()</onchange>
</field>
<field>
- <fielddescr>Authentication server</fielddescr>
+ <fielddescr>Authentication Server</fielddescr>
<fieldname>auth_server</fieldname>
- <description>Enter here the IP or hostname of the server that will perform the authentication.</description>
+ <description>Enter the IP or hostname of the server that will perform the authentication here.</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Authentication server port</fielddescr>
<fieldname>auth_server_port</fieldname>
- <description>Enter here the port to use to connect to the authentication server. Leave this field blank to use the authentication method's default port.</description>
+ <description>
+ <![CDATA[
+ Enter the port to use to connect to the authentication server here.<br/>
+ Leave this field blank to use the authentication method's default port.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>Authentication prompt</fielddescr>
+ <fielddescr>Authentication Prompt</fielddescr>
<fieldname>auth_prompt</fieldname>
<description>This string will be displayed at the top of the authentication request window.</description>
<type>input</type>
<default_value>Please enter your credentials to access the proxy</default_value>
</field>
<field>
- <fielddescr>Authentication processes</fielddescr>
+ <fielddescr>Authentication Processes</fielddescr>
<fieldname>auth_processes</fieldname>
<description>The number of authenticator processes to spawn. If many authentications are expected within a short timeframe, increase this number accordingly.</description>
<type>input</type>
@@ -147,74 +147,87 @@
<field>
<fielddescr>Authentication TTL</fielddescr>
<fieldname>auth_ttl</fieldname>
- <description>This specifies for how long (in seconds) the proxy server assumes an externally validated username and password combination is valid (Time To Live). When the TTL expires, the user will be prompted for credentials again.Default value is 5.</description>
+ <description>
+ <![CDATA[
+ This specifies for how long (in minutes) the proxy server assumes an externally validated username and password combination is valid (Time To Live).<br/>
+ When the TTL expires, the user will be prompted for credentials again.<br/>
+ Default value: 5.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>5</default_value>
</field>
<field>
- <fielddescr>Requiere authentication for unrestricted hosts</fielddescr>
+ <fielddescr>Require Authentication for Unrestricted Hosts</fielddescr>
<fieldname>unrestricted_auth</fieldname>
- <description>If this option is enabled, even users tagged as unrestricted through access control are required to authenticate to use the proxy.</description>
+ <description>If enabled, even users tagged as unrestricted through access control are required to authenticate to use the proxy.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Subnets that don't need authentication</fielddescr>
+ <fielddescr>Subnets That Don't Need Authentication</fielddescr>
<fieldname>no_auth_hosts</fieldname>
- <description>Enter each subnet or IP address on a new line (in CIDR format, e.g.: 10.5.0.0/16, 192.168.1.50/32) that should not be asked for authentication to access the proxy.</description>
+ <description>
+ <![CDATA[
+ Enter subnet(s) or IP address(es) (in CIDR format) that should NOT be asked for authentication to access the proxy.<br/>
+ Example (subnet): 10.5.0.0/16<br/>
+ Example (single host): 192.168.1.50/32<br/><br/>
+ <strong>Note: Put each entry on a separate line.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <name>Squid Authentication Ldap Settings</name>
+ <name>Squid Authentication LDAP Settings</name>
<type>listtopic</type>
</field>
<field>
<fielddescr>LDAP version</fielddescr>
<fieldname>ldap_version</fieldname>
- <description>Enter LDAP protocol version (2 or 3).</description>
+ <description>Select LDAP protocol version.</description>
<type>select</type>
<default_value>2</default_value>
<options>
- <option><name>2</name><value>2</value></option>
- <option><name>3</name><value>3</value></option>
+ <option><name>2</name><value>2</value></option>
+ <option><name>3</name><value>3</value></option>
</options>
</field>
<field>
- <fielddescr>LDAP server user DN</fielddescr>
+ <fielddescr>LDAP Server User DN</fielddescr>
<fieldname>ldap_user</fieldname>
- <description>Enter here the user DN to use to connect to the LDAP server.</description>
+ <description>Enter the user DN to use to connect to the LDAP server here.</description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>LDAP password</fielddescr>
+ <fielddescr>LDAP Password</fielddescr>
<fieldname>ldap_pass</fieldname>
- <description>Enter here the password to use to connect to the LDAP server.</description>
+ <description>Enter the password to use to connect to the LDAP server here.</description>
<type>password</type>
<size>20</size>
</field>
<field>
- <fielddescr>LDAP base domain</fielddescr>
+ <fielddescr>LDAP Base Domain</fielddescr>
<fieldname>ldap_basedomain</fieldname>
- <description>For LDAP authentication, enter here the base domain in the LDAP server.</description>
+ <description>Enter the base domain of the LDAP server here.</description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>LDAP username DN attribute</fielddescr>
+ <fielddescr>LDAP Username DN Attribute</fielddescr>
<fieldname>ldap_userattribute</fieldname>
- <description>Enter LDAP username DN attibute.</description>
+ <description>Enter LDAP username DN attibute here.</description>
<type>input</type>
<size>20</size>
<default_value>uid</default_value>
</field>
<field>
- <fielddescr>LDAP search filter</fielddescr>
+ <fielddescr>LDAP Search Filter</fielddescr>
<fieldname>ldap_filter</fieldname>
- <description>Enter LDAP search filter.</description>
+ <description>Enter LDAP search filter here.</description>
<type>input</type>
<size>40</size>
<default_value>(&amp;(objectClass=person)(uid=%s))</default_value>
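Review bot: The `auth_ttl` description changes the unit from seconds to minutes, but nothing in this hunk shows a matching change in how the value is written to squid.conf, so the help text and the generated directive may now disagree. With the default of `5` that is a 60-fold difference in how long an externally validated username and password are trusted before being re-checked. Confirm the unit that squid.inc emits and state it next to the default, e.g. `Default value: 5 (minutes).`. In the same hunk the new line `Enter LDAP username DN attibute here.` keeps the `attibute` typo, and the `ldap_version` select still defaults to `2`, which is worth revisiting since only the wording of that field was touched.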
@@ -224,27 +237,27 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>NT domain</fielddescr>
+ <fielddescr>NT Domain</fielddescr>
<fieldname>auth_ntdomain</fieldname>
- <description>Enter here the NT domain.</description>
+ <description>Enter the NT domain here.</description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>Secondary NT servers</fielddescr>
+ <fielddescr>Secondary NT Servers</fielddescr>
<fieldname>msnt_secondary</fieldname>
- <description>Comma-separated list of secondary servers to be used for NT domain authentication.</description>
+ <description>Enter comma-separated list of secondary servers to be used for NT domain authentication here.</description>
<type>input</type>
<size>60</size>
</field>
<field>
- <name>Squid Authentication Radius Settings</name>
+ <name>Squid Authentication RADIUS Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>RADIUS secret</fielddescr>
+ <fielddescr>RADIUS Secret</fielddescr>
<fieldname>radius_secret</fieldname>
- <description>The RADIUS secret for RADIUS authentication.</description>
+ <description>Enter the RADIUS secret for RADIUS authentication here.</description>
<type>password</type>
<size>20</size>
</field>
@@ -262,9 +275,12 @@
squid_print_javascript_auth2();
</custom_php_before_form_command>
<custom_php_after_head_command>
+ <![CDATA[
$transparent_proxy = ($config['installedpackages']['squid']['config'][0]['transparent_proxy'] == 'on');
- if($transparent_proxy and preg_match("/(local|ldap|radius|msnt|ntlm)/",$config['installedpackages']['squidauth']['config'][0]['auth_method']))
+ if ($transparent_proxy and preg_match("/(local|ldap|radius|msnt|ntlm)/", $config['installedpackages']['squidauth']['config'][0]['auth_method'])) {
$input_errors[] = "Authentication cannot be enabled while transparent proxy mode is enabled";
+ }
squid_print_javascript_auth();
+ ]]>
</custom_php_after_head_command>
</packagegui>
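Review bot: The transparent-proxy check only appends to `$input_errors` inside `custom_php_after_head_command`, and nothing in this hunk shows the same condition being enforced when the form is saved. If the validation command (outside the hunk) does not repeat it, an authentication method can be stored while transparent mode is on and the administrator only sees a message on the next page load. The unanchored `preg_match("/(local|ldap|radius|msnt|ntlm)/", ...)` would also read more clearly as an exact comparison, e.g. `in_array($auth_method, array('local', 'ldap', 'radius', 'msnt', 'ntlm'), true)`. Both `$config[...]` lookups assume the keys exist; an `isset()` guard would avoid undefined-index notices on a fresh install.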
diff --git a/config/squid3/34/squid_cache.xml b/config/squid3/34/squid_cache.xml
index f9204d46..ff861897 100755
--- a/config/squid3/34/squid_cache.xml
+++ b/config/squid3/34/squid_cache.xml
@@ -2,56 +2,51 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_cache.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form MUST reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidcache</name>
- <version>none</version>
- <title>Proxy server: Cache management</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: Cache management</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
-<tab>
+ <tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
@@ -85,7 +80,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -99,78 +94,120 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Cache replacement policy</fielddescr>
+ <fielddescr>Cache Replacement Policy</fielddescr>
<fieldname>cache_replacement_policy</fieldname>
- <description>The cache replacement policy decides which objects will remain in cache and which objects are replaced to create space for the new objects. The default policy for cache replacement is LFUDA. Please see the type descriptions specified in the memory replacement policy for additional detail.</description>
+ <description>
+ <![CDATA[
+ The cache replacement policy decides which objects will remain in cache and which objects are replaced to create space for the new objects.<br/><br/>
+ <strong>Heap LFUDA:</strong> Keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate.<br/>
+ <strong>Heap GDSF:</strong> Optimizes object-hit rate by keeping smaller, popular objects in cache.<br/>
+ <strong>Heap LRU:</strong> Works like LRU, but uses a heap instead.<br/>
+ <strong>LRU:</strong> Keeps recently referenced objects (i.e., replaces the object that has not been accessed for the longest time).<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_replacement_policy/">cache_replacement_policy documentation</a> for additional details.<br/><br/>
+ Default: heap LFUDA
+ ]]>
+ </description>
<type>select</type>
<default_value>heap LFUDA</default_value>
<options>
- <option><name>LRU</name><value>lru</value></option>
<option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
<option><name>Heap GDSF</name><value>heap GDSF</value></option>
<option><name>Heap LRU</name><value>heap LRU</value></option>
+ <option><name>LRU</name><value>lru</value></option>
</options>
</field>
<field>
- <fielddescr>Low-water-mark in %</fielddescr>
+ <fielddescr>Low-Water Mark in %</fielddescr>
<fieldname>cache_swap_low</fieldname>
- <description>Cache replacement begins when the swap usage is above the low-low-water mark and attempts to maintain utilisation near the low-water-mark.</description>
+ <description>
+ <![CDATA[
+ The low-water mark for AUFS/UFS/diskd cache object eviction by the cache_replacement_policy algorithm.<br/>
+ Cache replacement begins when the swap usage is above this low-water mark and attempts to maintain utilisation near the low-water mark.<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_swap_low/">cache_swap_low documentation</a> for additional details.<br/>
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>90</default_value>
</field>
<field>
- <fielddescr>High-water-mark in %</fielddescr>
+ <fielddescr>High-Water Mark in %</fielddescr>
<fieldname>cache_swap_high</fieldname>
- <description>As swap utilisation gets close to the high-water-mark object eviction becomes more aggressive.</description>
+ <description>
+ <![CDATA[
+ The high-water mark for AUFS/UFS/diskd cache object eviction by the cache_replacement_policy algorithm.<br/>
+ As swap utilization increases towards this high-water mark, object eviction becomes more agressive.<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_swap_high/">cache_swap_high documentation</a> for additional details.<br/>
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>95</default_value>
</field>
<field>
- <fielddescr>Do not cache</fielddescr>
+ <fielddescr>Do Not Cache</fielddescr>
<fieldname>donotcache</fieldname>
- <description>Enter each domain or IP address on a new line that should never be cached.</description>
+ <description>
+ <![CDATA[
+ Enter domain(s) and/or IP address(es) that should never be cached.<br/>
+ <strong>Note: Put each entry on a separate line.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Enable offline mode</fielddescr>
+ <fielddescr>Enable Offline Mode</fielddescr>
<fieldname>enable_offline</fieldname>
- <description>Enable this option and the proxy server will never try to validate cached objects. The offline mode gives access to more cached information than the proposed feature would allow (stale cached versions, where the origin server should have been contacted).</description>
+ <description>
+ <![CDATA[
+ Enable this option and the proxy server will never try to validate cached objects.<br/>
+ Offline mode gives access to more cached information than normally allowed (e.g., expired cached versions where the origin server should have been contacted otherwise).
+ ]]>
+ </description>
<type>checkbox</type>
<required/>
</field>
<field>
- <fielddescr>External Cache-Managers</fielddescr>
+ <fielddescr>External Cache Managers</fielddescr>
<fieldname>ext_cachemanager</fieldname>
- <description>Enter the IPs for the external Cache Managers to be allowed here, separated by semi-colons (;).</description>
+ <description>
+ <![CDATA[
+ Enter the IPs for the external <a href="http://wiki.squid-cache.org/Features/CacheManager">Cache Managers</a> to be granted access to this proxy.
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
- </field>
+ </field>
<field>
- <name>Squid Hard disk cacheSettings</name>
+ <name>Squid Hard Disk Cache Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Hard disk cache size</fielddescr>
+ <fielddescr>Hard Disk Cache Size</fielddescr>
<fieldname>harddisk_cache_size</fieldname>
- <description>This is the amount of disk space (in megabytes) to use for cached objects.</description>
+ <description>Amount of disk space (in megabytes) to use for cached objects.</description>
<type>input</type>
<required/>
<size>10</size>
<default_value>100</default_value>
</field>
<field>
- <fielddescr>Hard disk cache system</fielddescr>
+ <fielddescr>Hard Disk Cache System</fielddescr>
<fieldname>harddisk_cache_system</fieldname>
- <description><![CDATA[This specifies the kind of storage system to use.
- <br><br><b>ufs</b> is the old well-known Squid storage format that has always been there.
- <br><br><b>aufs</b> uses POSIX-threads to avoid blocking the main Squid process on disk-I/O. (Formerly known as async-io.)
- <br><br><b>diskd</b> uses a separate process to avoid blocking the main Squid process on disk-I/O.<br>To use <b>ipcs</b> and <b>ipcrm</b> on squid, Download livefs.iso from ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/8.3/ mount it and copy <b>/usr/bin/ipcs</b> and <b>/usr/bin/ipcrm</b> to your system and set them as executables.
- <br><br><b>null</b> Does not use any storage. Ideal for Embedded/NanoBSD.]]></description>
+ <description>
+ <![CDATA[
+ This specifies the kind of storage system to use.<br/><br/>
+ <strong>ufs</strong> - the old well-known Squid storage format that has always been there.<br/>
+ <strong>aufs</strong> - uses POSIX threads to avoid blocking the main Squid process on disk I/O. (Formerly known as async-io.)<br/>
+ <strong>diskd</strong> - uses a separate process to avoid blocking the main Squid process on disk I/O.<br/>
+ <strong>null</strong> - does not use any storage. Ideal for Embedded/NanoBSD.<br/><br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_dir/">cache_dir documentation</a> for additional details.
+ ]]>
+ </description>
<type>select</type>
<default_value>ufs</default_value>
<options>
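Review bot: The new `cache_swap_high` description misspells "aggressive" as "agressive"; the line should read `As swap utilization increases towards this high-water mark, object eviction becomes more aggressive.<br/>`. In the `ext_cachemanager` description the sentence and the `<strong>Note: ...</strong>` that follows have no `<br/>` between them, unlike the `donotcache` field above, so the note runs on in the same line of rendered text. The same hunk spells "utilisation" in `cache_swap_low` and "utilization" in `cache_swap_high`; pick one.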
@@ -181,16 +218,25 @@
</options>
</field>
<field>
- <fielddescr>Clear cache on log rotate</fielddescr>
+ <fielddescr>Clear Cache on Log Rotate</fielddescr>
<fieldname>clear_cache</fieldname>
- <description><![CDATA[If set, Squid will clear cache and swap.state on every log rotate.<br>
- This action will be executed automatically if the swap.state file is taking up more than 75% disk space,or the drive is 90%]]></description>
+ <description>
+ <![CDATA[
+ If set, Squid will clear cache and swap.state every time the log is rotated.<br/>
+ Note: This action will be executed automatically if the swap.state file is taking up more than 75% of available space, or the filesystem is 90% full.
+ ]]>
+ </description>
<type>checkbox</type>
- </field>
+ </field>
<field>
- <fielddescr>Level 1 subdirectories</fielddescr>
+ <fielddescr>Level 1 Directories</fielddescr>
<fieldname>level1_subdirs</fieldname>
- <description>Each level-1 directory contains 256 subdirectories, so a value of 256 level-1 directories will use a total of 65536 directories for the hard disk cache. This will significantly slow down the startup process of the proxy service, but can speed up the caching under certain conditions.</description>
+ <description>
+ <![CDATA[
+ Each level-1 directory contains 256 subdirectories, so a value of 256 level-1 directories will use a total of 65536 directories for the hard disk cache.<br/>
+ This will <strong>significantly</strong> slow down the startup process of the proxy service, but can speed up the caching under certain conditions.
+ ]]>
+ </description>
<type>select</type>
<default_value>16</default_value>
<options>
@@ -204,27 +250,44 @@
</options>
</field>
<field>
- <fielddescr>Hard disk cache location</fielddescr>
+ <fielddescr>Hard Disk Cache Location</fielddescr>
<fieldname>harddisk_cache_location</fieldname>
- <description>This is the directory where the cache will be stored. (note: do not end with a /). If you change this location, squid needs to make a new cache, this could take a while</description>
+ <description>
+ <![CDATA[
+ This is the directory where the cache will be stored. If you change this location, Squid needs to make a new cache, this could take a while.<br/>
+ Default: /var/squid/cache<br/>
+ <strong>Note: Do NOT include the trailing / when setting a custom location.</strong>
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
<required/>
<default_value>/var/squid/cache</default_value>
</field>
<field>
- <fielddescr>Minimum object size</fielddescr>
+ <fielddescr>Minimum Object Size</fielddescr>
<fieldname>minimum_object_size</fieldname>
- <description>Objects smaller than the size specified (in kilobytes) will not be saved on disk. The default value is 0, meaning there is no minimum.</description>
+ <description>
+ <![CDATA[
+ Objects smaller than the size specified (in kilobytes) will not be saved on disk.<br/>
+ Default: 0 (meaning there is no minimum)
+ ]]>
+ </description>
<type>input</type>
<required />
<size>10</size>
<default_value>0</default_value>
</field>
<field>
- <fielddescr>Maximum object size</fielddescr>
+ <fielddescr>Maximum Object Size</fielddescr>
<fieldname>maximum_object_size</fieldname>
- <description>Objects larger than the size specified (in kilobytes) will not be saved on disk. If you wish to increase speed more than you want to save bandwidth, this should be set to a low value.</description>
+ <description>
+ <![CDATA[
+ Objects larger than the size specified (in megabytes) will not be saved on disk.<br/>
+ Hint: If increased speed is more important than saving bandwidth, this should be set to a low value.<br/>
+ Default: 4 (MB)
+ ]]>
+ </description>
<type>input</type>
<required/>
<size>10</size>
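Review bot: The `maximum_object_size` description now states the unit as megabytes with `Default: 4 (MB)`, where the removed text said kilobytes. The field's `<default_value>` line is outside this hunk, and so is the code that writes the directive into squid.conf. Confirm that the generated `maximum_object_size` line uses the matching unit. A value saved under the old kilobyte label would be read as megabytes after the upgrade unless it is converted, so that case needs checking too.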
@@ -235,34 +298,56 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Memory cache size</fielddescr>
+ <fielddescr>Memory Cache Size</fielddescr>
<fieldname>memory_cache_size</fieldname>
- <description>This is the amount of physical RAM (in megabytes) to be used for negative cache and in-transit objects. This value should not exceed more than 50% of the installed RAM. The minimum value is 1MB.</description>
+ <description>
+ <![CDATA[
+ Specifies the ideal amount of physical RAM (in megabytes) to be used for In-Transit objects, Hot Objects and Negative-Cached objects.<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_mem/">cache_mem documentation</a> for additional details.<br/>
+ This value should not exceed 50% of the installed RAM. The minimum value is 1MB.<br/><br/>
+ Default: 64 (MB)
+ ]]>
+ </description>
<type>input</type>
<size>10</size>
<required/>
- <default_value>8</default_value>
+ <default_value>64</default_value>
</field>
<field>
- <fielddescr>Maximum object size in RAM</fielddescr>
+ <fielddescr>Maximum Object Size in RAM</fielddescr>
<fieldname>maximum_objsize_in_mem</fieldname>
- <description>Objects smaller than the size specified (in kilobytes) will be saved in RAM. Default is 32.</description>
+ <description>
+ <![CDATA[
+ Objects greater than this size (in kilobytes) will not be attempted to kept in the memory cache.<br/>
+ Default: 256 (KB)
+ ]]>
+ </description>
<type>input</type>
<size>10</size>
<required/>
- <default_value>32</default_value>
- </field>
+ <default_value>256</default_value>
+ </field>
<field>
- <fielddescr>Memory replacement policy</fielddescr>
+ <fielddescr>Memory Replacement Policy</fielddescr>
<fieldname>memory_replacement_policy</fieldname>
- <description>The memory replacement policy determines which objects are purged from memory when space is needed. The default policy for memory replacement is GDSF. &lt;p&gt; &lt;b&gt; LRU: Last Recently Used Policy &lt;/b&gt; - The LRU policies keep recently referenced objects. i.e., it replaces the object that has not been accessed for the longest time. &lt;p&gt; &lt;b&gt; Heap GDSF: Greedy-Dual Size Frequency &lt;/b&gt; - The Heap GDSF policy optimizes object-hit rate by keeping smaller, popular objects in cache. It achieves a lower byte hit rate than LFUDA though, since it evicts larger (possibly popular) objects. &lt;p&gt; &lt;b&gt; Heap LFUDA: Least Frequently Used with Dynamic Aging &lt;/b&gt; - The Heap LFUDA policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached. &lt;p&gt; &lt;b&gt; Heap LRU: Last Recently Used &lt;/b&gt; - Works like LRU, but uses a heap instead. &lt;p&gt; Note: If using the LFUDA replacement policy, the value of Maximum Object Size should be increased above its default of 12KB to maximize the potential byte hit rate improvement of LFUDA.</description>
+ <description>
+ <![CDATA[
+ The memory replacement policy determines which objects are purged from memory when space is needed.<br/><br/>
+ <strong>Heap GDSF:</strong> Optimizes object-hit rate by keeping smaller, popular objects in cache.<br/>
+ <strong>Heap LFUDA:</strong> Keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate.<br/>
+ <strong>Heap LRU:</strong> Works like LRU, but uses a heap instead.<br/>
+ <strong>LRU:</strong> Keeps recently referenced objects (i.e., replaces the object that has not been accessed for the longest time).<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_replacement_policy/">cache_replacement_policy documentation</a> for additional details.<br/><br/>
+ Default: heap GDSF
+ ]]>
+ </description>
<type>select</type>
<default_value>heap GDSF</default_value>
<options>
- <option><name>LRU</name><value>lru</value></option>
- <option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
<option><name>Heap GDSF</name><value>heap GDSF</value></option>
+ <option><name>Heap LFUDA</name><value>heap LFUDA</value></option>
<option><name>Heap LRU</name><value>heap LRU</value></option>
+ <option><name>LRU</name><value>lru</value></option>
</options>
</field>
<field>
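Review bot: The added `maximum_objsize_in_mem` description reads "will not be attempted to kept in the memory cache", which is ungrammatical; `Objects larger than this size (in kilobytes) will not be kept in the memory cache.<br/>` says the same thing. The hunk also raises the defaults from 8 to 64 for `memory_cache_size` and from 32 to 256 for `maximum_objsize_in_mem`. Any fallback values used when these fields are empty live outside this file, so confirm they were changed to match the new `Default:` text.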
@@ -272,34 +357,46 @@
<field>
<fielddescr>Cache Dynamic Content</fielddescr>
<fieldname>cache_dynamic_content</fieldname>
- <description><![CDATA[Select this option to <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent'>enable caching of dynamic content.</a><br>
- ]]></description>
+ <description>
+ <![CDATA[
+ Select to <a href="http://wiki.squid-cache.org/ConfigExamples/DynamicContent">enable caching of dynamic content.</a><br/>
+ ]]>
+ </description>
<type>checkbox</type>
<size>10</size>
</field>
<field>
<fielddescr>Refresh Patterns</fielddescr>
<fieldname>refresh_patterns</fieldname>
- <description><![CDATA[With dynamic cache enabled, you can also apply squid wiki refresh_patterns to sites like <a target=_new href='http://wiki.squid-cache.org/ConfigExamples/DynamicContent/YouTube'>Youtube</a> and <a target=_new href='http://wiki.squid-cache.org/SquidFaq/WindowsUpdate'>windowsupdate</a><br>
- <br><strong>Notes:</strong><br>
- Squid wiki suggests 'Finish transfer if less than x KB remaining' on 'traffic mgmt' squid tab to -1 but you can apply your own values to control cache.<br><br>
- set Maximum download size on 'traffic mgmt' squid tab to a value that fits patterns your are applying.<br>Microsoft may need 200Mb and youtube 4GB.]]></description>
+ <description>
+ <![CDATA[
+ With dynamic cache enabled, you can also apply refresh_patterns to sites like <a href="http://wiki.squid-cache.org/SquidFaq/WindowsUpdate">Windows Updates</a><br/><br/>
+ <strong>Notes:</strong><br/>
+ - Squid wiki suggests setting 'Finish transfer if less than x KB remaining' on 'Traffic Mgmt' tab to -1 (but you can apply your own values to control cache).<br/>
+ - Set 'Maximum Download Size' on 'Traffic Mgmt' tab to a value that fits patterns your are applying.
+ ]]>
+ </description>
<type>select</type>
<default_value>none</default_value>
<options>
- <option><name>Youtube</name><value>youtube</value></option>
+ <!--<option><name>Youtube</name><value>youtube</value></option>-->
<option><name>Windows Update</name><value>windows</value></option>
<option><name>Symantec Antivirus</name><value>symantec</value></option>
<option><name>Avira</name><value>avira</value></option>
<option><name>Avast</name><value>avast</value></option>
</options>
<multiple/>
- <size>06</size>
+ <size>05</size>
</field>
<field>
<fielddescr>Custom refresh_patterns</fielddescr>
<fieldname>custom_refresh_patterns</fieldname>
- <description>Enter custom refresh_patterns for better dynamic cache. This options will be included only if dynamic cache is enabled.</description>
+ <description>
+ <![CDATA[
+ Enter custom refresh_patterns for better dynamic cache usage.<br/>
+ <strong>Note: These refresh_patterns will only be included if 'Cache Dynamic Content' is enabled.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>67</cols>
<rows>5</rows>
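Review bot: The `youtube` option is commented out of the `refresh_patterns` select, but a configuration saved earlier may still hold `youtube` in this multi-select. The code that consumes the value is not in this hunk, so confirm it ignores or drops the stale entry rather than emitting patterns the GUI can no longer show or deselect. In the same description, the added note says "a value that fits patterns your are applying"; it should read `... a value that fits the patterns you are applying.`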
@@ -307,16 +404,21 @@
</field>
</fields>
<custom_php_command_before_form>
- if($_POST['harddisk_cache_size'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']) {
+ <![CDATA[
+ if ($_POST['harddisk_cache_size'] != $config['installedpackages']['squidcache']['config'][0]['harddisk_cache_size']) {
$needs_dash_z = true;
}
+ ]]>
</custom_php_command_before_form>
<custom_php_validation_command>
squid_validate_cache($_POST, $input_errors);
</custom_php_validation_command>
<custom_php_resync_config_command>
+ <![CDATA[
squid_resync();
- if($needs_dash_z)
+ if ($needs_dash_z) {
squid_dash_z();
+ }
+ ]]>
</custom_php_resync_config_command>
</packagegui>
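Review bot: `$needs_dash_z` is assigned in `custom_php_command_before_form` only when the posted cache size differs, and `custom_php_resync_config_command` then reads it unconditionally. When the size is unchanged the variable is undefined at `if ($needs_dash_z) {`; `if (!empty($needs_dash_z)) {` avoids the notice without changing the outcome. The `harddisk_cache_location` description elsewhere in this file says a changed location also needs a new cache, yet only `harddisk_cache_size` is compared here. This may be handled inside `squid_resync()`, which is not visible. `custom_php_validation_command` is the one PHP snippet left without the `<![CDATA[ ... ]]>` wrapper that the other two gained.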
diff --git a/config/squid3/34/squid_clwarn.php b/config/squid3/34/squid_clwarn.php
index 8de016f3..5ddf8171 100644
--- a/config/squid3/34/squid_clwarn.php
+++ b/config/squid3/34/squid_clwarn.php
@@ -1,22 +1,20 @@
<?php
-/* ========================================================================== */
/*
squid_clwarn.php
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2015 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
- */
-/* ========================================================================== */
-/*
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -28,49 +26,46 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+*/
$VERSION = '6.10';
- $url = $_REQUEST['url'];
-$virus=($_REQUEST['virus']?$_REQUEST['virus']:$_REQUEST['malware']);
-$source = preg_replace("@/-@","",$_REQUEST['source']);
+$url = $_REQUEST['url'];
+$virus = ($_REQUEST['virus'] ? $_REQUEST['virus'] : $_REQUEST['malware']);
+$source = preg_replace("@/-@", "", $_REQUEST['source']);
$user = $_REQUEST['user'];
-
-$TITLE_VIRUS = "SquidClamAv $VERSION: Virus detected!";
+$TITLE_VIRUS = "SquidClamav $VERSION: Virus detected!";
$subtitle = 'Virus name';
$errorreturn = 'This file cannot be downloaded.';
$urlerror = 'contains a virus';
-if (preg_match("/Safebrowsing/",$virus)) {
- $TITLE_VIRUS = "SquidClamAv $VERSION: Unsafe Browsing detected";
- $subtitle = 'Malware / pishing type';
+if (preg_match("/Safebrowsing/", $virus)) {
+ $TITLE_VIRUS = "SquidClamav $VERSION: Unsafe Browsing detected";
+ $subtitle = 'Malware / phishing type';
$urlerror = 'is listed as suspicious';
- $errorreturn = 'This page can not be displayed';
+ $errorreturn = 'This page cannot be displayed';
}
-# Remove clamd infos
+// Remove clamd infos
$vp[0]="/stream: /";
$vp[1]="/ FOUND/";
$vr[0]="";
$vr[1]="";
-$virus = preg_replace($vp,$vr,$virus);
-
-error_log(date("Y-m-d H:i:s")." | VIRUS FOUND | ".$virus." | ".$url." | ".$source." | ".$user."\n", 3, "/var/log/c-icap/virus.log");
+$virus = preg_replace($vp, $vr, $virus);
+error_log(date("Y-m-d H:i:s") . " | VIRUS FOUND | " . $virus . " | " . $url . " | " . $source . " | " . $user . "\n", 3, "/var/log/c-icap/virus.log");
?>
<style type="text/css">
.visu {
border:1px solid #C0C0C0;
color:#FFFFFF;
- position: relative;
- min-width: 13em;
- max-width: 52em;
- margin: 4em auto;
- border: 1px solid ThreeDShadow;
- border-radius: 10px;
- padding: 3em;
- -moz-padding-start: 30px;
+ position: relative;
+ min-width: 13em;
+ max-width: 52em;
+ margin: 4em auto;
+ border: 1px solid ThreeDShadow;
+ border-radius: 10px;
+ padding: 3em;
+ -moz-padding-start: 30px;
background-color: #8b0000;
}
.visu h2, .visu h3, .visu h4 {
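Review bot: `$url`, `$virus`, `$source` and `$user` come straight from `$_REQUEST` and are concatenated into the `error_log()` line unfiltered. A value containing a line break or the ` | ` separator therefore produces extra or ambiguous records in /var/log/c-icap/virus.log. Strip control characters before logging, for example `$user = preg_replace('/[\x00-\x1f\x7f]+/', ' ', $_REQUEST['user']);`, and do the same for the other three. `$_REQUEST['virus']` and `$_REQUEST['malware']` are also read without `isset()`, which raises a notice when the page is requested without them.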
@@ -80,17 +75,18 @@ error_log(date("Y-m-d H:i:s")." | VIRUS FOUND | ".$virus." | ".$url." | ".$sourc
font-weight:bolder;
}
</style>
- <div class="visu">
+<div class="visu">
<h2><?=$TITLE_VIRUS?></h2>
- <hr>
+ <hr />
<p>
- The requested URL <?=$url?> <?=$urlerror?><br>
+ The requested URL <?=$url?> <?=$urlerror?><br/>
<?=$subtitle?>: <?=$virus?>
- <p>
+ </p><p>
<?=$errorreturn?>
- <p>
+ </p><p>
Origin: <?=$source?> / <?=$user?>
- <p>
- <hr>
- <font color="blue"> Powered by <a href="http://squidclamav.darold.net/">SquidClamAv <?=$VERSION?></a>.</font>
- </div>
+ </p><p>
+ <hr />
+ <font color="blue"> Powered by <a href="http://squidclamav.darold.net/">SquidClamav <?=$VERSION?></a>.</font>
+ </p>
+</div>
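Review bot: The request-derived values are printed with `<?=$url?>`, `<?=$virus?>`, `<?=$source?>` and `<?=$user?>` without HTML escaping, so markup supplied in a request parameter is rendered by the browser on this warning page. Escape each at output, e.g. `<?=htmlspecialchars($url, ENT_QUOTES, 'UTF-8')?>`. The assignments from `$_REQUEST` are in the previous hunk; this hunk only reformats the markup around the echoes. The new `<hr />` also sits inside a `<p>` element, which is not valid nesting; closing the paragraph before the rule keeps the markup well-formed.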
diff --git a/config/squid3/34/squid_ident.php b/config/squid3/34/squid_ident.php
deleted file mode 100644
index ad13beb6..00000000
--- a/config/squid3/34/squid_ident.php
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/usr/bin/php
-#http://blog.dataforce.org.uk/2010/03/Ident-Server
-<?php
- /**
- * Simple PHP-Based inetd ident server, version 0.1.
- * Copyright (c) 2010 - Shane "Dataforce" Mc Cormack
- * This code is licensed under the MIT License, of which a copy can be found
- * at http://www.opensource.org/licenses/mit-license.php
- *
- * The latest version of the code can be found at
- * http://blog.dataforce.org.uk/index.php?p=news&id=135
- *
- * This should be run from inetd, it will take input on stdin and write to stdout.
- *
- * By default users can spoof ident by having a .ident file in /home/<username>/.ident
- * If this is present, it will be read.
- * It should be a file with a format like so:
- *
- * <pid> <ident>
- * <local host>:<local port>:<target host>:<target port> <ident>
- *
- * The first line that matches is used, any bit can be a * and it will always match,
- * so "* user" is valid. In future more sophisticated matches will be permitted
- * (eg 127.*) but for now its either all or nothing.
- *
- * Its worth noting that <target host> is the host that requests the ident, so if this
- * is likely to be different than the host that was connected to, then "STRICT_HOST" will
- * need to be set to false.
- *
- * At the moment <local host> is ignored, in future versions this might be changed, so
- * it is still required.
- *
- * Lines with a ':' in them are assumed to be of the second format, and must contain
- * all 4 sections or they will be ignored.
- *
- * Lines starting with a # are ignored.
- *
- * There are some special values that can be used as idents:
- * ! = Send an error instead.
- * * = Send the default ident.
- * ? = Send a random ident (In future a 3rd parameter will specify the format,
- * # for a number, @ for a letter, ? for either, but this is not implemented yet)
- *
- * In future there will also be support for /home/user/.ident.d/ directories, where
- * every file will be read for the ident response untill one matches.
- * This will allow multiple processes to create files rather than needing to
- * lock and edit .ident
- */
-
- // Allow spoofing idents.
- define('ALLOW_SPOOF', true);
-
- // Requesting host must be the same as the host that was connected to.
- define('STRICT_HOST', true);
-
- // Error to send when '!' is used as an ident.
- define('HIDE_ERROR', 'UNKNOWN-ERROR');
-
- openlog('simpleIdent', LOG_PID | LOG_ODELAY, LOG_DAEMON);
-
- $result = 'ERROR : UNKNOWN-ERROR' . "\n";
-
- $host = $_SERVER['REMOTE_HOST'];
-
- syslog(LOG_INFO, 'Connection from: '.$host);
-
- // Red in the line from the socket.
- $fh = @fopen('php://stdin', 'r');
- if ($fh) {
- $input = @fgets($fh);
- $line = trim($input);
- if ($input !== FALSE && !empty($line)) {
- $result = trim($input) . ' : ' . $result;
- // Get the data from it.
- $bits = explode(',', $line);
- $source = trim($bits[0]);
- $dest = isset($bits[1]) ? trim($bits[1]) : '';
-
- // Check if it is valid
- if (preg_match('/^[0-9]+$/', $source) && preg_match('/^[0-9]+$/', $dest)) {
- // Now actually look for this!
- $match = STRICT_HOST ? ":$source .*$host:$dest " : ":$source.*:$dest";
-
- $output = `netstat -napW 2>&1 | grep '$match' | awk '{print \$7}'`;
-
- $bits = explode('/', $output);
- $pid = $bits[0];
-
- if (preg_match('/^[0-9]+$/', $pid)) {
- $user = `ps -o ruser=SOME-REALLY-WIDE-USERNAMES-ARE-PERMITTED-HERE $pid | tail -n 1`;
-
- $senduser = trim($user);
-
- // Look for special ident file: /home/user/.ident this is an ini-format file.
- $file = '/home/'.trim($user).'/.ident';
-
- if (file_exists($file)) {
- $config = file($file, FILE_SKIP_EMPTY_LINES | FILE_IGNORE_NEW_LINES | FILE_TEXT);
- foreach ($config as $line) {
- // Ignore comments.
- $line = trim($line);
- if (substr($line, 1) == '#') { continue; }
-
- // Make sure line is valid.
- $bits = explode(' ', $line);
- if (count($bits) == 1) { continue; }
-
- // Check type of line
- if (strpos($bits[0], ':') !== FALSE) {
- // LocalHost:LocalPort:RemoteHost:RemotePort
- $match = explode(':', $bits[0]);
- if (count($match) != 4) { continue; }
-
- if (($match[1] == '*' || $match[1] == $source) &&
- ($match[2] == '*' || $match[2] == $host) &&
- ($match[3] == '*' || $match[3] == $dest)) {
- syslog(LOG_INFO, 'Spoof for '.$senduser.': '.$line);
- $senduser = $bits[1];
- break;
- }
- } else if ($bits[0] == '*' || $bits[0] == $pid) {
- syslog(LOG_INFO, 'Spoof for '.$senduser.': '.$line);
- $senduser = $bits[1];
- }
- }
-
- if ($senduser == "*") {
- $senduser = trim(user);
- } else if ($senduser == "?") {
- $senduser = 'user'.rand(1000,9999);
- }
- }
-
- if ($senduser != "!") {
- $result = $source . ', ' . $dest . ' : USERID : UNIX : ' . trim($senduser);
- } else {
- $result = $source . ', ' . $dest . ' : ERROR : ' . HIDE_ERROR;
- }
- }
- }
- }
- }
-
- echo $result;
- syslog(LOG_INFO, 'Result: '.$result);
- closelog();
- exit(0);
-?>
diff --git a/config/squid3/34/squid_log_parser.php b/config/squid3/34/squid_log_parser.php
index 8d0cbc20..c55db021 100755
--- a/config/squid3/34/squid_log_parser.php
+++ b/config/squid3/34/squid_log_parser.php
@@ -1,24 +1,22 @@
#!/usr/local/bin/php -q
<?php
-/* ========================================================================== */
/*
squid_log_parser.php
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012-2014 Marcello Coutinho
- Copyright (C) 2012-2014 Carlos Cesario - carloscesario@gmail.com
+ Copyright (C) 2012-2014 Carlos Cesario <carloscesario@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
- */
-/* ========================================================================== */
-/*
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -30,28 +28,26 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
-# ------------------------------------------------------------------------------
-# Simple Squid Log parser to rewrite line with date/time human readable
-# Usage: cat /var/squid/log/access.log | parser_squid_log.php
-# ------------------------------------------------------------------------------
+*/
+/*
+* Simple Squid Log parser to rewrite line with date/time human readable
+* Usage: cat /var/squid/log/access.log | parser_squid_log.php
+*/
$logline = fopen("php://stdin", "r");
-while(!feof($logline)) {
+while (!feof($logline)) {
$line = fgets($logline);
$line = rtrim($line);
if ($line != "") {
$fields = explode(' ', $line);
// Apply date format
- $fields[0] = date("d.m.Y H:i:s",$fields[0]);
- foreach($fields as $field) {
- // Write the Squid log line with date/time human readable
- echo "{$field} ";
+ $fields[0] = date("d.m.Y H:i:s", $fields[0]);
+ foreach ($fields as $field) {
+ // Write the Squid log line with human readable date/time
+ echo "{$field} ";
}
echo "\n";
}
}
fclose($logline);
-?> \ No newline at end of file
+?>
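Review bot: `$fields[0]` is handed to `date()` exactly as it came off the line, so a line whose first field is not a numeric timestamp (a truncated or differently formatted line) is not treated specially. Guarding the conversion keeps such lines intact: `$fields[0] = is_numeric($fields[0]) ? date("d.m.Y H:i:s", (int) $fields[0]) : $fields[0];`. The return value of `fopen("php://stdin", "r")` is also used without a check. The usage comment names `parser_squid_log.php`, while the file in this diff is `squid_log_parser.php`.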
diff --git a/config/squid3/34/squid_monitor.php b/config/squid3/34/squid_monitor.php
index 60a366fc..ba87f998 100755
--- a/config/squid3/34/squid_monitor.php
+++ b/config/squid3/34/squid_monitor.php
@@ -1,23 +1,21 @@
<?php
-/* ========================================================================== */
/*
squid_monitor.php
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012-2014 Marcello Coutinho
- Copyright (C) 2012-2014 Carlos Cesario - carloscesario@gmail.com
+ Copyright (C) 2012-2014 Carlos Cesario <carloscesario@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
- */
-/* ========================================================================== */
-/*
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -29,19 +27,13 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-
+*/
require_once("/etc/inc/util.inc");
require_once("/etc/inc/functions.inc");
require_once("/etc/inc/pkg-utils.inc");
require_once("/etc/inc/globals.inc");
require_once("guiconfig.inc");
-$pfSversion = str_replace("\n", "", file_get_contents("/etc/version"));
-if(strstr($pfSversion, "1.2"))
- $one_two = true;
-
$pgtitle = "Status: Proxy Monitor";
$shortcut_section = "squid";
include("head.inc");
@@ -51,44 +43,40 @@ include("head.inc");
<?php include("fbegin.inc"); ?>
-<?php if($one_two): ?>
-
- <p class="pgtitle"><?=$pgtitle?></font></p>
-
-<?php endif; ?>
-
<?php if ($savemsg) print_info_box($savemsg); ?>
<!-- Function to call programs logs -->
-<script language="JavaScript">
- function showLog(content,url,program)
- {
- new PeriodicalExecuter(function(pe) {
+<script type="text/javascript">
+//<![CDATA[
+ function showLog(content, url, program) {
+ new PeriodicalExecuter(function (pe) {
new Ajax.Updater(content, url, {
- method: 'post',
- asynchronous: true,
- evalScripts: true,
- parameters: { maxlines: $('maxlines').getValue(),
- strfilter: $('strfilter').getValue(),
- program: program }
+ method: 'post',
+ asynchronous: true,
+ evalScripts: true,
+ parameters: {
+ maxlines: $('maxlines').getValue(),
+ strfilter: $('strfilter').getValue(),
+ program: program
+ }
})
}, 1)
}
+//]]>
</script>
<div id="mainlevel">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr><td>
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tr><td>
<?php
$tab_array = array();
- if ($_REQUEST["menu"]=="reverse"){
+ if ($_REQUEST["menu"] == "reverse") {
$tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0");
$tab_array[] = array(gettext("Web Servers"), false, "/pkg.php?xml=squid_reverse_peer.xml");
$tab_array[] = array(gettext("Mappings"), false, "/pkg.php?xml=squid_reverse_uri.xml");
$tab_array[] = array(gettext("Redirects"), false, "/pkg.php?xml=squid_reverse_redir.xml");
$tab_array[] = array(gettext("Real time"), true, "/squid_monitor.php?menu=reverse");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=squid_reverse_sync.xml");
- }
- else{
+ } else {
$tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=squid.xml&amp;id=0");
$tab_array[] = array(gettext("Remote Cache"), false, "/pkg.php?xml=squid_upstream.xml");
$tab_array[] = array(gettext("Local Cache"), false, "/pkg_edit.php?xml=squid_cache.xml&amp;id=0");
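Review bot: `evalScripts: true` is carried over unchanged in `showLog()`, so any `<script>` element in the fragment returned by `squid_monitor_data.php` is executed every time the updater fires. That fragment is built from proxy log lines, and in this same commit most log columns are echoed without HTML encoding, so log content that presumably originates from proxied clients (requested URLs, user names) could end up running in the administrator's browser session. The response only needs to carry table rows, so `evalScripts: false` is the safer setting here, together with encoding the fields on the server side. The tab-building `if`/`else` continues past the end of this hunk.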
@@ -99,16 +87,15 @@ include("head.inc");
$tab_array[] = array(gettext("Users"), false, "/pkg.php?xml=squid_users.xml");
$tab_array[] = array(gettext("Real time"), true, "/squid_monitor.php");
$tab_array[] = array(gettext("Sync"), false, "/pkg_edit.php?xml=squid_sync.xml");
- }
+ }
display_top_tabs($tab_array);
?>
-</td></tr>
- <tr>
- <td>
-<div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; ">
- <form id="paramsForm" name="paramsForm" method="post">
- <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
- <tbody>
+ </td></tr>
+ <tr><td>
+ <div id="mainarea" style="padding-top: 0px; padding-bottom: 0px; ">
+ <form id="paramsForm" name="paramsForm" method="post">
+ <table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="6">
+ <tbody>
<tr>
<td width="22%" valign="top" class="vncellreq">Max lines:</td>
<td width="78%" class="vtable">
@@ -123,95 +110,87 @@ include("head.inc");
</select>
<br/>
<span class="vexpl">
- <?=gettext("Max. lines to be displayed.");?>
+ <?=gettext("Max. lines to be displayed.");?>
</span>
</td>
</tr>
<tr>
<td width="22%" valign="top" class="vncellreq">String filter:</td>
<td width="78%" class="vtable">
- <input name="strfilter" type="text" class="formfld search" id="strfilter" size="50" value="">
+ <input name="strfilter" type="text" class="formfld search" id="strfilter" size="50" value="" />
<br/>
<span class="vexpl">
- <?=gettext("Enter a grep like string/pattern to filterlog.");?><br>
- <?=gettext("eg. username, ip addr, url.");?><br>
- <?=gettext("Use <b>!</b> to invert the sense of matching, to select non-matching lines.");?>
+ <?=gettext("Enter a grep like string/pattern to filterlog.");?><br/>
+ <?=gettext("eg. username, ip addr, url.");?><br/>
+ <?=gettext("Use <b>!</b> to invert the sense of matching, to select non-matching lines.");?>
</span>
</td>
</tr>
- </tbody>
- </table>
- </form>
-
- <!-- Squid Table -->
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tbody>
- <tr>
- <td>
+ </tbody>
+ </table>
+ </form>
+
+ <!-- Squid Table -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr><td>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
- <td colspan="6" class="listtopic"><center><?=gettext("Squid Logs"); ?><center></td>
+ <td colspan="6" class="listtopic" align="center"><?=gettext("Squid Logs"); ?></td>
</tr>
<tbody id="squidView">
- <script language="JavaScript">
+ <script type="text/javascript">
// Call function to show squid log
- showLog('squidView', 'squid_monitor_data.php','squid');
+ showLog('squidView', 'squid_monitor_data.php', 'squid');
</script>
</tbody>
</table>
- </td>
- </tr>
- </tbody>
- </table>
-<?php if ($_REQUEST["menu"]!="reverse"){?>
- <!-- SquidGuard Table -->
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tbody>
- <tr>
- <td>
+ </td></tr>
+ </tbody>
+ </table>
+<?php if ($_REQUEST["menu"] != "reverse") {?>
+ <!-- SquidGuard Table -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr><td>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
- <td colspan="5" class="listtopic"><center><?=gettext("SquidGuard Logs"); ?><center></td>
+ <td colspan="5" class="listtopic" align="center"><?=gettext("SquidGuard Logs"); ?></td>
</tr>
<tbody id="sguardView">
- <script language="JavaScript">
+ <script type="text/javascript">
// Call function to show squidGuard log
- showLog('sguardView', 'squid_monitor_data.php','sguard');
+ showLog('sguardView', 'squid_monitor_data.php', 'sguard');
</script>
</tbody>
</table>
- </td>
- </tr>
- </tbody>
- </table>
- <!-- clamav Table -->
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tbody>
- <tr>
- <td>
+ </td></tr>
+ </tbody>
+ </table>
+ <!-- clamav Table -->
+ <table width="100%" border="0" cellpadding="0" cellspacing="0">
+ <tbody>
+ <tr><td>
<table class="tabcont" width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
- <td colspan="6" class="listtopic"><center><?=gettext("clamav Logs"); ?><center></td>
+ <td colspan="6" class="listtopic" align="center"><?=gettext("clamav Logs"); ?></td>
</tr>
<tbody id="clamView">
- <script language="JavaScript">
+ <script type="text/javascript">
// Call function to show squidGuard log
- showLog('clamView', 'squid_monitor_data.php','clamav');
+ showLog('clamView', 'squid_monitor_data.php', 'clamav');
</script>
</tbody>
</table>
- </td>
- </tr>
- </tbody>
- </table>
-</div>
+ </td></tr>
+ </tbody>
+ </table>
+ </div>
<?php }?>
-</td>
-</tr>
-</table>
+ </td></tr>
+ </table>
</div>
-
<?php
include("fend.inc");
?>
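Review bot: The comment above the clamav call, `// Call function to show squidGuard log`, was copied from the SquidGuard table and survives the cleanup unchanged; it should read `// Call function to show clamav log`. Each of the three `showLog()` calls starts its own updater, so a short comment at the first call saying that every view polls `squid_monitor_data.php` independently would help the next reader judge the load this page puts on the box.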
diff --git a/config/squid3/34/squid_monitor_data.php b/config/squid3/34/squid_monitor_data.php
index 9010f0a2..c2c3264d 100755
--- a/config/squid3/34/squid_monitor_data.php
+++ b/config/squid3/34/squid_monitor_data.php
@@ -1,23 +1,21 @@
<?php
-/* ========================================================================== */
/*
squid_monitor_data.php
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012-2014 Marcello Coutinho
- Copyright (C) 2012-2014 Carlos Cesario - carloscesario@gmail.com
+ Copyright (C) 2012-2014 Carlos Cesario <carloscesario@gmail.com>
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
- */
-/* ========================================================================== */
-/*
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -29,174 +27,167 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
-# ------------------------------------------------------------------------------
-# Defines
-# ------------------------------------------------------------------------------
+*/
require_once("guiconfig.inc");
-# ------------------------------------------------------------------------------
-# Requests
-# ------------------------------------------------------------------------------
+/* Requests */
if ($_POST) {
- # Actions
- $filter = preg_replace('/(@|!|>|<)/',"",htmlspecialchars($_POST['strfilter']));
+ global $filter, $program;
+ // Actions
+ $filter = preg_replace('/(@|!|>|<)/', "", htmlspecialchars($_POST['strfilter']));
$program = strtolower($_POST['program']);
- switch ($program) {
- case 'squid':
+ switch ($program) {
+ case 'squid':
// Define log file
- $log='/var/squid/logs/access.log';
- //show table headers
- show_tds(array("Date","IP","Status","Address","User","Destination"));
- //fetch lines
- $logarr=fetch_log($log);
+ $log = '/var/squid/logs/access.log';
+ // Show table headers
+ show_tds(array("Date", "IP", "Status", "Address", "User", "Destination"));
+ // Fetch lines
+ $logarr = fetch_log($log);
// Print lines
- foreach ($logarr as $logent) {
- // Split line by space delimiter
- $logline = preg_split("/\s+/", $logent);
+ foreach ($logarr as $logent) {
+ // Split line by space delimiter
+ $logline = preg_split("/\s+/", $logent);
- // Apply date format to first line
- //$logline[0] = date("d.m.Y H:i:s",$logline[0]);
+ // Apply date format to first line
+ //$logline[0] = date("d.m.Y H:i:s",$logline[0]);
- // Word wrap the URL
- $logline[7] = htmlentities($logline[7]);
- $logline[7] = html_autowrap($logline[7]);
+ // Word wrap the URL
+ $logline[7] = htmlentities($logline[7]);
+ $logline[7] = html_autowrap($logline[7]);
- // Remove /(slash) in destination row
- $logline_dest = preg_split("/\//", $logline[9]);
+ // Remove /(slash) in destination row
+ $logline_dest = preg_split("/\//", $logline[9]);
- // Apply filter and color
+ // Apply filter and color
// Need validate special chars
- if ($filter != "")
- $logline = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$logline);
+ if ($filter != "") {
+ $logline = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>", $logline);
+ }
+
echo "<tr valign=\"top\">\n";
- echo "<td class=\"listlr\" nowrap>{$logline[0]} {$logline[1]}</td>\n";
+ echo "<td class=\"listlr\" nowrap=\"nowrap\">{$logline[0]} {$logline[1]}</td>\n";
echo "<td class=\"listr\">{$logline[3]}</td>\n";
echo "<td class=\"listr\">{$logline[4]}</td>\n";
- echo "<td class=\"listr\" width=\"*\">{$logline[7]}</td>\n";
+ echo "<td class=\"listr\" width=\"*\">{$logline[7]}</td>\n";
echo "<td class=\"listr\">{$logline[8]}</td>\n";
echo "<td class=\"listr\">{$logline_dest[1]}</td>\n";
echo "</tr>\n";
- }
+ }
break;
case 'sguard';
- $log='/var/squidGuard/log/block.log';
- //show table headers
- show_tds(array("Date-Time","ACL","Address","Host","User"));
- //fetch lines
- $logarr=fetch_log($log);
- foreach ($logarr as $logent) {
- // Split line by space delimiter
- $logline = preg_split("/\s+/", $logent);
-
- // Apply time format
- $logline[0] = date("d.m.Y", strtotime($logline[0]));
-
- // Word wrap the URL
- $logline[4] = htmlentities($logline[4]);
- $logline[4] = html_autowrap($logline[4]);
-
-
- // Apply filter color
- // Need validate special chars
- if ($filter != "")
- $logline = preg_replace("@($filter)@i","<spam><font color='red'>$1</font></span>",$logline);
-
-
- echo "<tr>\n";
- echo "<td class=\"listlr\" nowrap>{$logline[0]} {$logline[1]}</td>\n";
- echo "<td class=\"listr\">{$logline[3]}</td>\n";
- echo "<td class=\"listr\" width=\"*\">{$logline[4]}</td>\n";
- echo "<td class=\"listr\">{$logline[5]}</td>\n";
- echo "<td class=\"listr\">{$logline[6]}</td>\n";
- echo "</tr>\n";
- }
+ $log = '/var/squidGuard/log/block.log';
+ // Show table headers
+ show_tds(array("Date-Time", "ACL", "Address", "Host", "User"));
+ // Fetch lines
+ $logarr = fetch_log($log);
+ foreach ($logarr as $logent) {
+ // Split line by space delimiter
+ $logline = preg_split("/\s+/", $logent);
+
+ // Apply time format
+ $logline[0] = date("d.m.Y", strtotime($logline[0]));
+
+ // Word wrap the URL
+ $logline[4] = htmlentities($logline[4]);
+ $logline[4] = html_autowrap($logline[4]);
+
+ // Apply filter color
+ // Need validate special chars
+ if ($filter != "") {
+ $logline = preg_replace("@($filter)@i", "<span><font color='red'>$1</font></span>", $logline);
+ }
+
+ echo "<tr>\n";
+ echo "<td class=\"listlr\" nowrap=\"nowrap\">{$logline[0]} {$logline[1]}</td>\n";
+ echo "<td class=\"listr\">{$logline[3]}</td>\n";
+ echo "<td class=\"listr\" width=\"*\">{$logline[4]}</td>\n";
+ echo "<td class=\"listr\">{$logline[5]}</td>\n";
+ echo "<td class=\"listr\">{$logline[6]}</td>\n";
+ echo "</tr>\n";
+ }
break;
case 'clamav';
- // Define log file
- $log='/var/log/c-icap/virus.log';
- //show table headers
- show_tds(array("Date-Time","Message","Virus","URL","Host","User"));
- //fetch lines
- $logarr=fetch_log($log);
- foreach ($logarr as $logent) {
- // Split line by space delimiter
- $logline = preg_split("/\|/", $logent);
-
- // Apply time format
- $logline[0] = date("d.m.Y H:i:s", strtotime($logline[0]));
-
- // Word wrap the URL
- $logline[3] = htmlentities($logline[3]);
- $logline[3] = html_autowrap($logline[3]);
-
- echo "<tr>\n";
- echo "<td class=\"listlr\" nowrap>{$logline[0]}</td>\n";
- echo "<td class=\"listr\" nowrap>{$logline[1]}</td>\n";
- echo "<td class=\"listr\">{$logline[2]}</td>\n";
- echo "<td class=\"listr\">{$logline[3]}</td>\n";
- echo "<td class=\"listr\">{$logline[4]}</td>\n";
- echo "<td class=\"listr\">{$logline[5]}</td>\n";
- echo "</tr>\n";
- }
- break;
- }
+ // Define log file
+ $log = '/var/log/c-icap/virus.log';
+ // Show table headers
+ show_tds(array("Date-Time", "Message", "Virus", "URL", "Host", "User"));
+ // Fetch lines
+ $logarr = fetch_log($log);
+ foreach ($logarr as $logent) {
+ // Split line by space delimiter
+ $logline = preg_split("/\|/", $logent);
+
+ // Apply time format
+ $logline[0] = date("d.m.Y H:i:s", strtotime($logline[0]));
+
+ // Word wrap the URL
+ $logline[3] = htmlentities($logline[3]);
+ $logline[3] = html_autowrap($logline[3]);
+
+ echo "<tr>\n";
+ echo "<td class=\"listlr\" nowrap=\"nowrap\">{$logline[0]}</td>\n";
+ echo "<td class=\"listr\" nowrap=\"nowrap\">{$logline[1]}</td>\n";
+ echo "<td class=\"listr\">{$logline[2]}</td>\n";
+ echo "<td class=\"listr\">{$logline[3]}</td>\n";
+ echo "<td class=\"listr\">{$logline[4]}</td>\n";
+ echo "<td class=\"listr\">{$logline[5]}</td>\n";
+ echo "</tr>\n";
+ }
+ break;
+ }
}
-# ------------------------------------------------------------------------------
-# Functions
-# ------------------------------------------------------------------------------
-
-// From SquidGuard Package
-function html_autowrap($cont)
-{
- # split strings
- $p = 0;
+/* Functions */
+function html_autowrap($cont) {
+ // split strings
+ $p = 0;
$pstep = 25;
- $str = $cont;
+ $str = $cont;
$cont = '';
- for ( $p = 0; $p < strlen($str); $p += $pstep ) {
- $s = substr( $str, $p, $pstep );
- if ( !$s ) break;
- $cont .= $s . "<wbr/>";
+ for ($p = 0; $p < strlen($str); $p += $pstep) {
+ $s = substr($str, $p, $pstep);
+ if (!$s) {
+ break;
+ }
+ $cont .= $s . "<wbr />";
}
return $cont;
}
-
// Show Squid Logs
-function fetch_log($log){
- global $filter,$program;
- // Get Data from form post
- $lines = $_POST['maxlines'];
- if (preg_match("/!/",htmlspecialchars($_POST['strfilter'])))
- $grep_arg="-iv";
- else
- $grep_arg="-i";
-
- //Check program to execute or no the parser
- if($program == "squid")
- $parser = "| php -q squid_log_parser.php";
- else
+function fetch_log($log) {
+ global $filter, $program;
+ // Get data from form post
+ $lines = $_POST['maxlines'];
+ if (preg_match("/!/", htmlspecialchars($_POST['strfilter']))) {
+ $grep_arg = "-iv";
+ } else {
+ $grep_arg = "-i";
+ }
+
+ // Check program to execute or no the parser
+ if ($program == "squid") {
+ $parser = "| /usr/local/bin/php -q squid_log_parser.php";
+ } else {
$parser = "";
+ }
- // Get logs based in filter expression
- if($filter != "") {
- exec("tail -2000 {$log} | /usr/bin/grep {$grep_arg} " . escapeshellarg($filter). " | tail -r -n {$lines} {$parser} " , $logarr);
- }
- else {
- exec("tail -r -n {$lines} {$log} {$parser}", $logarr);
- }
- // return logs
- return $logarr;
+ // Get logs based in filter expression
+ if ($filter != "") {
+ exec("/usr/bin/tail -n 2000 {$log} | /usr/bin/grep {$grep_arg} " . escapeshellarg($filter). " | /usr/bin/tail -r -n {$lines} {$parser} ", $logarr);
+ } else {
+ exec("/usr/bin/tail -r -n {$lines} {$log} {$parser}", $logarr);
+ }
+ // Return logs
+ return $logarr;
};
-function show_tds($tds){
+function show_tds($tds) {
echo "<tr valign='top'>\n";
foreach ($tds as $td){
- echo "<td class='listhdrr'>".gettext($td)."</td>\n";
- }
+ echo "<td class='listhdrr'>" . gettext($td) . "</td>\n";
+ }
echo "</tr>\n";
}
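Review bot: `fetch_log()` still interpolates `$_POST['maxlines']` into both `exec()` strings unquoted, so the request value reaches the shell as-is; only `$filter` goes through `escapeshellarg()`, and the new absolute paths do not change that. Coerce the value before use, e.g. `$lines = max(1, min(2000, (int) $_POST['maxlines']));`. In the squid and sguard loops only the URL column is passed through `htmlentities()`, while the remaining log fields (status, address, user, destination) are echoed raw into the table, so each should be wrapped, e.g. `htmlspecialchars($logline[8])`. `$filter` is also spliced into `"@($filter)@i"` with only `@ ! > <` stripped, so other regex metacharacters still alter or break the pattern; if a literal match is what is wanted, `preg_quote($filter, '@')` fixes that. The squid branch also keeps the `<spam>` typo that the sguard branch corrects to `<span>`.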
diff --git a/config/squid3/34/squid_nac.xml b/config/squid3/34/squid_nac.xml
index 70fe162f..fb7accc3 100755
--- a/config/squid3/34/squid_nac.xml
+++ b/config/squid3/34/squid_nac.xml
@@ -2,57 +2,52 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_nac.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidnac</name>
- <version>none</version>
- <title>Proxy server: Access control</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: Access Control</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
- <tab>
- <text>General</text>
+ <tab>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
@@ -85,7 +80,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -99,9 +94,15 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Allowed subnets</fielddescr>
+ <fielddescr>Allowed Subnets</fielddescr>
<fieldname>allowed_subnets</fieldname>
- <description>Enter each subnet on a new line that is allowed to use the proxy. The subnets must be expressed as CIDR ranges (e.g.: 192.168.1.0/24). Note that the proxy interface subnet is already an allowed subnet. All the other subnets won't be able to use the proxy.</description>
+ <description>
+ <![CDATA[
+ Enter each subnet on a new line that is allowed to use the proxy.<br/>
+ The subnets must be expressed as CIDR ranges (e.g.: 192.168.1.0/24).<br/><br/>
+ Note: The proxy interface subnet is already an allowed subnet. All the other subnets won't be able to use the proxy.
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
@@ -110,25 +111,42 @@
<field>
<fielddescr>Unrestricted IPs</fielddescr>
<fieldname>unrestricted_hosts</fieldname>
- <description>Enter unrestricted IP address / network(in CIDR format) on a new line that is not to be filtered out by the other access control directives set in this page.</description>
+ <description>
+ <![CDATA[
+ Enter unrestricted IP address(es) / network(s) in CIDR format.<br/>
+ Configured entries will NOT be filtered out by the other access control directives set in this page.<br/>
+ <strong>Note: Put each entry on a separate line.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Banned host addresses</fielddescr>
+ <fielddescr>Banned Hosts Addresses</fielddescr>
<fieldname>banned_hosts</fieldname>
- <description>Enter each IP address / network(in CIDR format) on a new line that is not to be allowed to use the proxy.</description>
+ <description>
+ <![CDATA[
+ Enter IP address(es) / network(s) in CIDR format.<br/>
+ Configured entries will NOT be allowed to use the proxy.<br/>
+ <strong>Note: Put each entry on a separate line.</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
- </field>
+ </field>
<field>
<fielddescr>Whitelist</fielddescr>
<fieldname>whitelist</fieldname>
- <description>Enter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy. You also can use regular expressions.</description>
+ <description>
+ <![CDATA[
+ Destination domains that will be accessible to the users that are allowed to use the proxy.<br/>
+ <strong>Note: Put each entry on a separate line.</strong> You also can use regular expressions.
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
@@ -137,46 +155,72 @@
<field>
<fielddescr>Blacklist</fielddescr>
<fieldname>blacklist</fieldname>
- <description>Enter each destination domain on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
+ <description>
+ <![CDATA[
+ Destination domains that will be blocked for the users that are allowed to use the proxy.<br/>
+ <strong>Note: Put each entry on a separate line.</strong> You also can use regular expressions.
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Block user agents</fielddescr>
+ <fielddescr>Block User Agents</fielddescr>
<fieldname>block_user_agent</fieldname>
- <description>Enter each user agent on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions.</description>
+ <description>
+ <![CDATA[
+ Enter user agents that will be blocked for the users that are allowed to use the proxy.
+ <strong>Note: Put each entry on a separate line.</strong> You also can use regular expressions.
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Block MIME types (reply only)</fielddescr>
+ <fielddescr>Block MIME Types (Reply Only)</fielddescr>
<fieldname>block_reply_mime_type</fieldname>
- <description>Enter each MIME type on a new line that will be blocked to the users that are allowed to use the proxy. You also can use regular expressions. Useful to block javascript (application/x-javascript).</description>
+ <description>
+ <![CDATA[
+ Enter <a href="http://www.iana.org/assignments/media-types/media-types.xhtml">MIME types</a> that will be blocked for the
+ users that are allowed to use the proxy. Useful to block javascript (application/javascript).<br/>
+ <strong>Note: Put each entry on a separate line.</strong> You also can use regular expressions.
+ ]]>
+ </description>
<type>textarea</type>
<cols>50</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <name>Squid Allowed ports</name>
+ <name>Squid Allowed Ports</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>acl safeports</fielddescr>
+ <fielddescr>ACL SafePorts</fielddescr>
<fieldname>addtl_ports</fieldname>
- <description>This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535</description>
+ <description>
+ <![CDATA[
+ This is a space-separated list of "safe ports" <strong>in addition</strong> to the predefined default list.<br/>
+ Default list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
<default_value></default_value>
</field>
<field>
- <fielddescr>acl sslports</fielddescr>
+ <fielddescr>ACL SSLPorts</fielddescr>
<fieldname>addtl_sslports</fieldname>
- <description>This is a space-separated list of ports to allow SSL "CONNECT" in addition to the already defined list: 443 563</description>
+ <description>
+ <![CDATA[
+ This is a space-separated list of ports to allow SSL "CONNECT" to <strong>in addition</strong> to the predefined default list.<br/>
+ Default list: 443 563
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
<default_value></default_value>
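Review bot: The new example in the `block_reply_mime_type` description names only `application/javascript`, but script replies are also commonly served as `text/javascript` or the older `application/x-javascript`, so an administrator who copies the example blocks fewer replies than the text suggests. Suggested wording: `Useful to block javascript (e.g. application/javascript, text/javascript, application/x-javascript).` The IANA link added in the same description could use `https://` rather than `http://`. The last `<field>` element continues outside this hunk.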
diff --git a/config/squid3/34/squid_reverse.inc b/config/squid3/34/squid_reverse.inc
index f583ee12..32c3fa65 100755
--- a/config/squid3/34/squid_reverse.inc
+++ b/config/squid3/34/squid_reverse.inc
@@ -1,10 +1,11 @@
<?php
-/* $Id$ */
/*
squid_reverse.inc
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2012 Martin Fuchs
Copyright (C) 2012-2014 Marcello Coutinho
Copyright (C) 2013 Gekkenhuis
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -28,19 +29,26 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+require_once('certs.inc');
+/* This file is currently only being included in squid.inc and not used separately */
+// require_once('squid.inc');
function squid_resync_reverse() {
global $config;
- //CONFIG FILE
- if (is_array($config['installedpackages']['squidreversegeneral']))
+ // config file
+ if (is_array($config['installedpackages']['squidreversegeneral'])) {
$settings = $config['installedpackages']['squidreversegeneral']['config'][0];
- if (is_array($config['installedpackages']['squidreversepeer']))
- $reverse_peers=$config['installedpackages']['squidreversepeer']['config'];
- if (is_array($config['installedpackages']['squidreverseuri']))
- $reverse_maps=$config['installedpackages']['squidreverseuri']['config'];
- if (is_array($config['installedpackages']['squidreverseredir']))
- $reverse_redir=$config['installedpackages']['squidreverseredir']['config'];
+ }
+ if (is_array($config['installedpackages']['squidreversepeer'])) {
+ $reverse_peers = $config['installedpackages']['squidreversepeer']['config'];
+ }
+ if (is_array($config['installedpackages']['squidreverseuri'])) {
+ $reverse_maps = $config['installedpackages']['squidreverseuri']['config'];
+ }
+ if (is_array($config['installedpackages']['squidreverseredir'])) {
+ $reverse_redir = $config['installedpackages']['squidreverseredir']['config'];
+ }
$conf = "# Reverse Proxy settings\n";
@@ -48,39 +56,42 @@ function squid_resync_reverse() {
$svr_cert = lookup_cert($settings["reverse_ssl_cert"]);
if ($svr_cert != false) {
if (base64_decode($svr_cert['crt'])) {
- file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt",sq_text_area_decode($svr_cert['crt']));
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt", sq_text_area_decode($svr_cert['crt']));
$reverse_crt = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt";
}
if (base64_decode($svr_cert['prv'])) {
- file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key",sq_text_area_decode($svr_cert['prv']));
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key", sq_text_area_decode($svr_cert['prv']));
$reverse_key = SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key";
}
}
}
- if (!empty($settings['reverse_int_ca']))
- file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt","\n" . sq_text_area_decode($settings['reverse_int_ca']),FILE_APPEND | LOCK_EX);
+ if (!empty($settings['reverse_int_ca'])) {
+ file_put_contents(SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.crt", "\n" . sq_text_area_decode($settings['reverse_int_ca']), FILE_APPEND | LOCK_EX);
+ }
$ifaces = ($settings['reverse_interface'] ? $settings['reverse_interface'] : 'wan');
$real_ifaces = array();
// set HTTP port and defsite
- $http_port=(empty($settings['reverse_http_port'])?"80":$settings['reverse_http_port']);
- $http_defsite=(empty($settings['reverse_http_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_http_defsite']);
+ $http_port = (empty($settings['reverse_http_port']) ? "80" : $settings['reverse_http_port']);
+ $http_defsite = (empty($settings['reverse_http_defsite']) ? $settings['reverse_external_fqdn'] : $settings['reverse_http_defsite']);
// set HTTPS port and defsite
- $https_port=(empty($settings['reverse_https_port'])?"443":$settings['reverse_https_port']);
- $https_defsite=(empty($settings['reverse_https_defsite'])?$settings['reverse_external_fqdn']:$settings['reverse_https_defsite']);
+ $https_port = (empty($settings['reverse_https_port']) ? "443" : $settings['reverse_https_port']);
+ $https_defsite = (empty($settings['reverse_https_defsite']) ? $settings['reverse_external_fqdn'] : $settings['reverse_https_defsite']);
foreach (explode(",", $ifaces) as $i => $iface) {
$real_ifaces[] = squid_get_real_interface_address($iface);
if ($real_ifaces[$i][0]) {
//HTTP
- if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on'))
+ if ((!empty($settings['reverse_http'])) || ($settings['reverse_owa_autodiscover'] == 'on')) {
$conf .= "http_port {$real_ifaces[$i][0]}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
+ }
//HTTPS
- if (!empty($settings['reverse_https']))
+ if (!empty($settings['reverse_https'])) {
$conf .= "https_port {$real_ifaces[$i][0]}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
+ }
}
}
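Review bot: The private key written to `SQUID_CONFBASE . "/{$settings["reverse_ssl_cert"]}.key"` gets whatever mode the process umask yields, because nothing in this hunk restricts its permissions after `file_put_contents()`. I would add `chmod($reverse_key, 0600);` right after `$reverse_key` is assigned, with ownership matching whichever account Squid reads the key as (not visible here, so confirm). Separately, `$reverse_crt` and `$reverse_key` stay unset when `lookup_cert()` returns false, yet the `https_port` line is still emitted with empty `cert=`/`key=` values; skipping that line when either is empty would avoid writing a broken directive. squid_resync_reverse() starts and ends outside this hunk.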
@@ -88,15 +99,17 @@ function squid_resync_reverse() {
$reverse_ip = explode(";", ($settings['reverse_ip']));
foreach ($reverse_ip as $reip) {
//HTTP
- if (!empty($settings['reverse_http']) OR ($settings['reverse_owa_autodiscover'] == 'on'))
+ if ((!empty($settings['reverse_http'])) || ($settings['reverse_owa_autodiscover'] == 'on')) {
$conf .= "http_port {$reip}:{$http_port} accel defaultsite={$http_defsite} vhost\n";
+ }
//HTTPS
- if (!empty($settings['reverse_https']))
+ if (!empty($settings['reverse_https'])) {
$conf .= "https_port {$reip}:{$https_port} accel cert={$reverse_crt} key={$reverse_key} defaultsite={$https_defsite} vhost\n";
+ }
}
}
- //PEERS
+ // peers
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip']))) {
if (!empty($settings['reverse_owa_ip'])) {
$reverse_owa_ip = explode(";", ($settings['reverse_owa_ip']));
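Review bot: Each `$reip` from `explode(";", ($settings['reverse_ip']))` goes into the `http_port`/`https_port` lines untrimmed and unchecked, so a stray space, an empty entry from a trailing `;`, or anything that is not an address ends up in the generated Squid configuration as part of a directive. Validation may already happen in `squid_validate_reverse()`, which this hunk does not show, but the generator is the last point before the config is written, so I would guard here too: `$reip = trim($reip); if (!is_ipaddr($reip)) { continue; }`. The enclosing function continues beyond this hunk.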
@@ -109,33 +122,34 @@ function squid_resync_reverse() {
}
}
- $active_peers=array();
+ $active_peers = array();
if (is_array($reverse_peers)) {
foreach ($reverse_peers as $rp) {
- if ($rp['enable'] =="on" && $rp['name'] !="" && $rp['ip'] !="" && $rp['port'] !="") {
- $conf_peer = "#{$rp['description']}\n";
- $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin ";
- if ($rp['protocol'] == 'HTTPS')
- $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
- $conf_peer .= "name=rvp_{$rp['name']}\n\n";
-
- // add peer only if reverse proxy is enabled for http
- if ($rp['protocol'] == 'HTTP' && $settings['reverse_http'] =="on") {
- $conf .= $conf_peer;
- array_push($active_peers,$rp['name']);
- }
- // add peer only if if reverse proxy is enabled for https
- if ($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] =="on") {
- if (!in_array($rp['name'],$active_peers)) {
+ if ($rp['enable'] == "on" && $rp['name'] != "" && $rp['ip'] != "" && $rp['port'] != "") {
+ $conf_peer = "#{$rp['description']}\n";
+ $conf_peer .= "cache_peer {$rp['ip']} parent {$rp['port']} 0 proxy-only no-query no-digest originserver login=PASSTHRU connection-auth=on round-robin ";
+ if ($rp['protocol'] == 'HTTPS') {
+ $conf_peer .= "ssl sslflags=DONT_VERIFY_PEER front-end-https=auto ";
+ }
+ $conf_peer .= "name=rvp_{$rp['name']}\n\n";
+
+ // add peer only if reverse proxy is enabled for http
+ if ($rp['protocol'] == 'HTTP' && $settings['reverse_http'] == "on") {
$conf .= $conf_peer;
- array_push($active_peers,$rp['name']);
+ array_push($active_peers, $rp['name']);
+ }
+ // add peer only if if reverse proxy is enabled for https
+ if ($rp['protocol'] == 'HTTPS' && $settings['reverse_https'] == "on") {
+ if (!in_array($rp['name'], $active_peers)) {
+ $conf .= $conf_peer;
+ array_push($active_peers, $rp['name']);
}
}
}
}
}
- //REDIRECTS
+ // redirects
if (is_array($reverse_redir)) {
foreach ($reverse_redir as $rdr) {
if ($rdr['enable'] == "on" && $rdr['name'] != "" && $rdr['pathregex'] != "" && $rdr['redirurl'] != "") {
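Review bot: `sslflags=DONT_VERIFY_PEER` is appended for every HTTPS peer unconditionally, so the proxy never validates the certificate of the backend it forwards to, and the `reverse_ignore_ssl_valid` setting offered in the GUI is not consulted anywhere in this hunk. I would make the flag conditional, e.g. `$conf_peer .= "ssl " . ($settings['reverse_ignore_ssl_valid'] == 'on' ? "sslflags=DONT_VERIFY_PEER " : "") . "front-end-https=auto ";`. `$rp['description']` is also written after `#` as-is; replacing line breaks in it would keep a multi-line description from turning into config lines. The function body extends past both ends of the hunk.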
@@ -167,25 +181,30 @@ function squid_resync_reverse() {
}
}
- //ACLS and MAPPINGS
+ // ACLs and mappings
//create an empty owa_dirs to populate based on user selected options
- $owa_dirs=array();
- if (($settings['reverse_owa'] == 'on') && $settings['reverse_https'] =="on") {
+ $owa_dirs = array();
+ if (($settings['reverse_owa'] == 'on') && $settings['reverse_https'] == "on") {
if (!empty($settings['reverse_owa_ip'])) {
- array_push($owa_dirs,'owa','exchange','public','exchweb','ecp','OAB');
- if ($settings['reverse_owa_activesync'])
- array_push($owa_dirs,'Microsoft-Server-ActiveSync');
- if ($settings['reverse_owa_rpchttp'])
- array_push($owa_dirs,'rpc/rpcproxy.dll','rpcwithcert/rpcproxy.dll');
- if ($settings['reverse_owa_mapihttp'])
- array_push($owa_dirs,'mapi');
- if ($settings['reverse_owa_webservice'])
- array_push($owa_dirs,'EWS');
+ array_push($owa_dirs, 'owa', 'exchange', 'public', 'exchweb', 'ecp', 'OAB');
+ if ($settings['reverse_owa_activesync']) {
+ array_push($owa_dirs, 'Microsoft-Server-ActiveSync');
+ }
+ if ($settings['reverse_owa_rpchttp']) {
+ array_push($owa_dirs, 'rpc/rpcproxy.dll', 'rpcwithcert/rpcproxy.dll');
+ }
+ if ($settings['reverse_owa_mapihttp']) {
+ array_push($owa_dirs, 'mapi');
+ }
+ if ($settings['reverse_owa_webservice']) {
+ array_push($owa_dirs, 'EWS');
+ }
}
if (is_array($owa_dirs)) {
- foreach ($owa_dirs as $owa_dir)
+ foreach ($owa_dirs as $owa_dir) {
$conf .= "acl OWA_URI_pfs url_regex -i ^https://{$settings['reverse_external_fqdn']}/$owa_dir.*$\n";
+ }
}
if (($settings['reverse_owa'] == 'on') && (!empty($settings['reverse_owa_ip'])) && ($settings['reverse_owa_autodiscover'] == 'on')) {
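Review bot: The `OWA_URI_pfs` pattern interpolates `$settings['reverse_external_fqdn']` and `$owa_dir` without escaping, so every `.` in the hostname (and in `rpc/rpcproxy.dll`) acts as a regex wildcard and the ACL matches more hosts than the one configured. Escaping the dots before building the line would tighten it, for example `$fqdn_re = str_replace('.', '\.', $settings['reverse_external_fqdn']);` and then using `{$fqdn_re}` in the pattern. The `is_array($owa_dirs)` test is always true, since the array is created unconditionally a few lines above, and could be dropped. The enclosing function starts and ends outside the hunk.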
@@ -199,31 +218,31 @@ function squid_resync_reverse() {
//$conf .= "ssl_unclean_shutdown on";
if (is_array($reverse_maps)) {
foreach ($reverse_maps as $rm) {
- if ($rm['enable'] == "on" && $rm['name']!="" && $rm['peers']!="" && is_array($rm['row'])) {
+ if ($rm['enable'] == "on" && $rm['name'] != "" && $rm['peers'] != "" && is_array($rm['row'])) {
foreach ($rm['row'] as $uri) {
- $url_regex=($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] );
+ $url_regex = ($uri['uri'] == '' ? $settings['reverse_external_fqdn'] : $uri['uri'] );
//$conf .= "acl rvm_{$rm['name']} url_regex -i {$uri['uri']}{$url_regex}.*$\n";
$conf .= "acl rvm_{$rm['name']} url_regex -i {$url_regex}\n";
if ($rm['name'] != $last_rm_name) {
$cache_peer_never_direct_conf .= "never_direct allow rvm_{$rm['name']}\n";
$http_access_conf .= "http_access allow rvm_{$rm['name']}\n";
- foreach (explode(',',$rm['peers']) as $map_peer) {
- if (in_array($map_peer,$active_peers)) {
+ foreach (explode(',', $rm['peers']) as $map_peer) {
+ if (in_array($map_peer, $active_peers)) {
$cache_peer_allow_conf .= "cache_peer_access rvp_{$map_peer} allow rvm_{$rm['name']}\n";
$cache_peer_deny_conf .= "cache_peer_access rvp_{$map_peer} deny allsrc\n";
}
}
- $last_rm_name=$rm['name'];
+ $last_rm_name = $rm['name'];
}
}
}
}
}
- //ACCESS
- if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] =="on") {
+ // access
+ if ($settings['reverse_owa'] == 'on' && !empty($settings['reverse_owa_ip']) && $settings['reverse_https'] == "on") {
- for ($cascnt=1;$cascnt<$casnr+1;$cascnt++) {
+ for ($cascnt = 1; $cascnt < $casnr + 1; $cascnt++) {
$conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs allow OWA_URI_pfs\n";
$conf .= "cache_peer_access OWA_HOST_80_{$cascnt}_pfs allow OWA_URI_pfs\n";
$conf .= "cache_peer_access OWA_HOST_443_{$cascnt}_pfs deny allsrc\n";
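Review bot: When `$uri['uri']` is empty, `$url_regex` falls back to the bare external FQDN and the resulting `acl rvm_… url_regex -i` pattern is unanchored; `url_regex` matches anywhere in the URL, so a request that only carries that hostname in its path or query would match the mapping and reach the `http_access allow` line. Anchoring the fallback, e.g. `'^https?://' . str_replace('.', '\.', $settings['reverse_external_fqdn'])`, keeps the match on the host part. `$last_rm_name` and the `$cache_peer_*_conf`/`$http_access_conf` accumulators are not initialised anywhere in this hunk; if they are not set earlier in the function, initialising them to `''` before the loop avoids undefined-variable notices. The function continues outside the hunk.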
@@ -236,8 +255,9 @@ function squid_resync_reverse() {
$conf .= $cache_peer_allow_conf.$cache_peer_deny_conf.$cache_peer_never_direct_conf.$http_access_conf."\n";
- if (!empty($settings['deny_info_tcp_reset']))
+ if (!empty($settings['deny_info_tcp_reset'])) {
$conf .= "deny_info TCP_RESET allsrc\n";
+ }
return $conf;
}
diff --git a/config/squid3/34/squid_reverse.xml b/config/squid3/34/squid_reverse.xml
index 40fb0ec1..3617debc 100755
--- a/config/squid3/34/squid_reverse.xml
+++ b/config/squid3/34/squid_reverse.xml
@@ -2,55 +2,51 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_reverse.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidreverse</name>
- <version>none</version>
- <title>Proxy server: Reverse Proxy</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: Reverse Proxy</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
-<tab>
+ <tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
@@ -84,7 +80,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -94,37 +90,47 @@
</tabs>
<fields>
<field>
- <name>Squid Reverse proxy General Settings</name>
+ <name>Squid Reverse Proxy General Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Reverse Proxy interface</fielddescr>
+ <fielddescr>Reverse Proxy Interface</fielddescr>
<fieldname>reverse_interface</fieldname>
- <description>The interface(s) the reverse-proxy server will bind to.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the reverse-proxy server will bind to.<br/>
+ Use CTRL + click to select multiple interfaces.
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>wan</default_value>
<multiple/>
</field>
<field>
- <fielddescr>User-defined reverse-proxy IPs</fielddescr>
+ <fielddescr>User Defined Reverse Proxy IPs</fielddescr>
<fieldname>reverse_ip</fieldname>
- <description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description>
+ <description>
+ <![CDATA[
+ Squid will additionally bind to these user-defined IPs for reverse proxy operation. Useful for virtual IPs such as CARP.<br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
- </field>
+ </field>
<field>
- <fielddescr>external FQDN</fielddescr>
+ <fielddescr>External FQDN</fielddescr>
<fieldname>reverse_external_fqdn</fieldname>
- <description>The external full-qualified-domain-name of the WAN address.</description>
+ <description>The external fully qualified domain name of the WAN IP address.</description>
<type>input</type>
<required/>
<size>70</size>
</field>
<field>
- <fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
+ <fielddescr>Reset TCP Connections on Unauthorized Requests</fielddescr>
<fieldname>deny_info_tcp_reset</fieldname>
- <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description>
+ <description>If checked, the reverse proxy will reset the TCP connection if the request is unauthorized.</description>
<type>checkbox</type>
<default_value>on</default_value>
</field>
@@ -133,26 +139,41 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable HTTP reverse mode</fielddescr>
+ <fielddescr>Enable HTTP Reverse Mode</fielddescr>
<fieldname>reverse_http</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTP reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
+ <description>
+ <![CDATA[
+ If checked, the proxy server will act in HTTP reverse mode.<br/>
+ <strong>Note: You must add a proper firewall rule with destination 'WAN Address'.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
- <enablefields>reverse_http_port,reverse_http_defsite</enablefields>
+ <enablefields>reverse_http_port,reverse_http_defsite</enablefields>
<required/>
<default_value>off</default_value>
</field>
<field>
- <fielddescr>reverse HTTP port</fielddescr>
+ <fielddescr>Reverse HTTP Port</fielddescr>
<fieldname>reverse_http_port</fieldname>
- <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description>
+ <description>
+ <![CDATA[
+ This is the port the HTTP reverse proxy will listen on. Default value will be used if left empty.<br/>
+ Default: 80
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>80</default_value>
</field>
<field>
- <fielddescr>reverse HTTP default site</fielddescr>
+ <fielddescr>Reverse HTTP Default Site</fielddescr>
<fieldname>reverse_http_defsite</fieldname>
- <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description>
+ <description>
+ <![CDATA[
+ This is the HTTP reverse proxy default site.<br/>
+ Note: Leave empty to use 'External FQDN' value specified above.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
@@ -161,99 +182,139 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable HTTPS reverse proxy</fielddescr>
+ <fielddescr>Enable HTTPS Reverse Proxy</fielddescr>
<fieldname>reverse_https</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
+ <description>
+ <![CDATA[
+ If checked, the proxy server will act in HTTPS reverse mode.<br/>
+ <strong>Note: You must add a proper firewall rule with destination 'WAN Address'.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
<enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
<required/>
<default_value>off</default_value>
- </field>
+ </field>
<field>
- <fielddescr>reverse HTTPS port</fielddescr>
+ <fielddescr>Reverse HTTPS Port</fielddescr>
<fieldname>reverse_https_port</fieldname>
- <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description>
+ <description>
+ <![CDATA[
+ This is the port the HTTPS reverse proxy will listen on. Default value will be used if left empty.<br/>
+ Default: 443
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>443</default_value>
</field>
<field>
- <fielddescr>reverse HTTPS default site</fielddescr>
+ <fielddescr>Reverse HTTPS Default Site</fielddescr>
<fieldname>reverse_https_defsite</fieldname>
- <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description>
+ <description>
+ <![CDATA[
+ This is the HTTPS reverse proxy default site.<br/>
+ Note: Leave empty to use 'External FQDN' value specified above.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>reverse SSL certificate</fielddescr>
+ <fielddescr>Reverse SSL Certificate</fielddescr>
<fieldname>reverse_ssl_cert</fieldname>
<description>Choose the SSL Server Certificate here.</description>
- <type>select_source</type>
- <source><![CDATA[$config['cert']]]></source>
+ <type>select_source</type>
+ <source>$config['cert']</source>
<source_name>descr</source_name>
<source_value>refid</source_value>
</field>
<field>
- <fielddescr>intermediate CA certificate (if needed)</fielddescr>
+ <fielddescr>Intermediate CA Certificate (If Needed)</fielddescr>
<fieldname>reverse_int_ca</fieldname>
- <description>Paste a signed certificate in X.509 PEM format here.</description>
+ <description>
+ <![CDATA[
+ Paste a signed certificate in X.509 <strong>PEM format</strong> here.
+ ]]>
+ </description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>75</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Ignore internal Certificate validation</fielddescr>
+ <fielddescr>Ignore Internal Certificate Validation</fielddescr>
<fieldname>reverse_ignore_ssl_valid</fieldname>
- <description>If this field is checked, internal certificate validation will be ignored.</description>
- <type>checkbox</type>
+ <description>If checked, internal certificate validation will be ignored.</description>
+ <type>checkbox</type>
<default_value>on</default_value>
</field>
<field>
- <fielddescr>Enable OWA reverse proxy</fielddescr>
+ <name>OWA Reverse Proxy General Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable OWA Reverse Proxy</fielddescr>
<fieldname>reverse_owa</fieldname>
- <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description>
+ <description>If checked, Squid will act as an accelerator/SSL offloader for Outlook Web App.</description>
<type>checkbox</type>
- <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
+ <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
</field>
<field>
- <fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
+ <fielddescr>CAS-Array / OWA Frontend IP Address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
+ <description>
+ <![CDATA[
+ These are the internal IPs of the CAS-Array (OWA frontend servers).<br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
- </field>
+ </field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
<fieldname>reverse_owa_activesync</fieldname>
- <description>If this field is checked, ActiveSync will be enabled.</description>
+ <description>If checked, ActiveSync will be enabled.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable Outlook Anywhere</fielddescr>
<fieldname>reverse_owa_rpchttp</fieldname>
- <description>If this field is checked, RPC over HTTP will be enabled.</description>
+ <description>If checked, RPC over HTTP will be enabled.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable MAPI HTTP</fielddescr>
<fieldname>reverse_owa_mapihttp</fieldname>
- <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br>
- <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description>
+ <description>
+ <![CDATA[
+ If checked, MAPI over HTTP will be enabled.<br/>
+ <strong>This feature is only available with at least Microsoft Exchange 2013 SP1</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable Exchange WebServices</fielddescr>
<fieldname>reverse_owa_webservice</fieldname>
- <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br>
- <strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description>
+ <description>
+ <![CDATA[
+ If checked, Exchange WebServices will be enabled.<br/>
+ <strong>There are potential DoS side effects to its use. Please avoid unless really required.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable AutoDiscover</fielddescr>
<fieldname>reverse_owa_autodiscover</fieldname>
- <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br>
- <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description>
+ <description>
+ <![CDATA[
+ If checked, AutoDiscover will be enabled.<br/>
+ <strong>You also should set up the autodiscover DNS record to point to you WAN IP.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
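Review bot: `reverse_ignore_ssl_valid` keeps `<default_value>on</default_value>`, so (as the label suggests) certificate validation toward the internal servers is off unless the admin unticks it, and the one-line description does not say what that costs. I would spell it out, e.g. `<description>If checked, certificates presented by internal servers are not validated; the connection to them is encrypted but the server is not authenticated.</description>`, and consider defaulting to off for new installs. In the same hunk the AutoDiscover text reads "point to you WAN IP"; it should be "your".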
@@ -261,49 +322,79 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>&lt;b&gt;peer definitions&lt;/b&gt; &lt;br&gt;publishing hosts</fielddescr>
+ <fielddescr>
+ <![CDATA[
+ Peer Definitions<br/>
+ Publishing Hosts
+ ]]>
+ </fielddescr>
<fieldname>reverse_cache_peer</fieldname>
- <description><![CDATA[Enter each peer definition on a new line. Directives have to be separated by a semicolon(;).<BR>
- syntax: [peer alias];[internal ip address];[port];[HTTP / HTTPS]<br>
- example: HOST1;192.168.0.1;80;HTTP<br>
- <strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description>
+ <description>
+ <![CDATA[
+ Enter each peer definition on a new line. Directives have to be separated by a semicolon(;).<br/><br/>
+ Syntax: [peer alias];[internal ip address];[port];[HTTP/HTTPS]<br/>
+ Example: HOST1;192.168.0.1;80;HTTP<br/>
+ <strong><span class="errmsg">WARNING:</span> Wrong syntax usage will result in Squid not starting!</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>60</cols>
<rows>10</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>&lt;b&gt;URI definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
+ <fielddescr>
+ <![CDATA[
+ URI Definitions<br/>
+ Published URIs
+ ]]>
+ </fielddescr>
<fieldname>reverse_uri</fieldname>
- <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;)<BR>
- syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn]) <BR>
- (a group can contain multiple URIs, without vhost fqdn the external fqdn is used, you also can specity http:// or https://)<BR>
- example: URI1;public;server.pfsense.org.<BR>
- <STRONG>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</STRONG>]]></description>
+ <description>
+ <![CDATA[
+ Enter each reverse ACL definition on a separate line. Directives have to be separated by a semicolon(;)<br/><br/>
+ Syntax: [group the uri belongs to];[URI to publish](;[vhost fqdn])<br/>
+ Example: URI1;public;server.example.com<br/><br/>
+ Notes:<br/>
+ - A group can contain multiple URIs<br/>
+ - If [vhost fqdn] is ommited, 'External FQDN' is used<br/>
+ - You also can specify http:// or https://<br/><br/>
+ <strong><span class="errmsg">WARNING:</span> Wrong syntax usage will result in Squid not starting!</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>60</cols>
<rows>10</rows>
<encoding>base64</encoding>
- </field>
+ </field>
<field>
- <fielddescr>&lt;b&gt;ACL definitions&lt;/b&gt; &lt;br&gt;published URIs</fielddescr>
+ <fielddescr>
+ <![CDATA[
+ ACL Definitions<br/>
+ Published URIs
+ ]]>
+ </fielddescr>
<fieldname>reverse_acl</fieldname>
- <description><![CDATA[Enter each reverse acl definition on a new line. Directives have to be separated by a semicolon(;). <br>
- syntax: [peer alias];[uri group alias] <br>example: HOST1;URI1 <br>
- <strong>WRONG SYNTAX USAGE WILL RESULT IN SQUID NOT STARTING</strong>]]></description>
+ <description>
+ <![CDATA[
+ Enter each reverse ACL definition on a new line. Directives have to be separated by a semicolon(;)<br/>
+ Syntax: [peer alias];[uri group alias]<br/>
+ Example: HOST1;URI1<br/>
+ <strong><span class="errmsg">WARNING:</span> Wrong syntax usage will result in Squid not starting!</strong>
+ ]]>
+ </description>
<type>textarea</type>
<cols>60</cols>
<rows>10</rows>
<encoding>base64</encoding>
- </field>
-
-<!--
+ </field>
+ <!--
<field>
- <fielddescr>internal hosts</fielddescr>
+ <fielddescr>Internal Hosts</fielddescr>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr>IP address</fielddescr>
+ <fielddescr>IP Address</fielddescr>
<fieldname>reverse_cache_peer_ip</fieldname>
<type>input</type>
<size>15</size>
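Review bot: The new `reverse_uri` help text has a typo, "ommited" should be "omitted": `- If [vhost fqdn] is omitted, 'External FQDN' is used<br/>`. The three textarea descriptions also differ slightly in layout: `reverse_cache_peer` and `reverse_uri` put `<br/><br/>` before the Syntax line while `reverse_acl` uses a single `<br/>`, which is worth aligning while these strings are being touched.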
@@ -312,28 +403,27 @@
<fielddescr>Protocol</fielddescr>
<fieldname>reverse_cache_peer_proto</fieldname>
<type>select</type>
- <options>
- <option> <name>HTTP</name> <value>HTTP</value> </option>
- <option> <name>HTTPS</name> <value>HTTPS</value> </option>
- </options>
+ <options>
+ <option><name>HTTP</name><value>HTTP</value></option>
+ <option><name>HTTPS</name><value>HTTPS</value></option>
+ </options>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>port</fielddescr>
+ <fielddescr>Port</fielddescr>
<fieldname>reverse_cache_peer_port</fieldname>
<type>input</type>
<size>5</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>peer name</fielddescr>
+ <fielddescr>Peer Name</fielddescr>
<fieldname>reverse_cache_peer_name</fieldname>
<type>input</type>
<size>25</size>
</rowhelperfield>
</rowhelper>
</field>
-
<field>
- <fielddescr>published URI</fielddescr>
+ <fielddescr>Published URI</fielddescr>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
@@ -343,19 +433,15 @@
<size>50</size>
</rowhelperfield>
<rowhelperfield>
- <fielddescr>peer name</fielddescr>
+ <fielddescr>Peer Name</fielddescr>
<fieldname>reverse_cache_peer</fieldname>
<type>input</type>
<size>25</size>
</rowhelperfield>
</rowhelper>
</field>
--->
-
+ -->
</fields>
- <custom_php_command_before_form>
- squid_before_form_general($pkg);
- </custom_php_command_before_form>
<custom_php_validation_command>
squid_validate_reverse($_POST, $input_errors);
</custom_php_validation_command>
diff --git a/config/squid3/34/squid_reverse_general.xml b/config/squid3/34/squid_reverse_general.xml
index 3317ae18..19c504f1 100755
--- a/config/squid3/34/squid_reverse_general.xml
+++ b/config/squid3/34/squid_reverse_general.xml
@@ -2,56 +2,52 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_reverse_general.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_reverse_general.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidreversegeneral</name>
- <version>none</version>
- <title>Reverse Proxy server: General</title>
+ <version>0.3.5</version>
+ <title>Reverse Proxy Server: General</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
- <tab>
- <text>General</text>
+ <tab>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
<active/>
</tab>
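Review bot: The rewritten copyright block drops the `Based on m0n0wall (http://m0n0.ch/wall)` and `Copyright (C) 2003-2006 Manuel Kasper` lines, yet keeps the licence text whose first condition is that redistributions of source code retain the above copyright notice. If this file does derive from m0n0wall code, as the old header stated, those lines have to stay next to the added `Copyright (C) 2015 ESF, LLC` line. If it does not, the commit message should say why the earlier attribution was wrong. The same removal appears in the header hunks of squid_reverse_peer.xml and squid_reverse_redir.xml further down.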
@@ -68,7 +64,7 @@
<url>/pkg.php?xml=squid_reverse_redir.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php?menu=reverse</url>
</tab>
<tab>
@@ -78,37 +74,47 @@
</tabs>
<fields>
<field>
- <name>Squid Reverse proxy General Settings</name>
+ <name>Squid Reverse Proxy General Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Reverse Proxy interface</fielddescr>
+ <fielddescr>Reverse Proxy Interface</fielddescr>
<fieldname>reverse_interface</fieldname>
- <description>The interface(s) the reverse-proxy server will bind to.</description>
+ <description>
+ <![CDATA[
+ The interface(s) the reverse-proxy server will bind to.<br/>
+ Use CTRL + click to select multiple interfaces.
+ ]]>
+ </description>
<type>interfaces_selection</type>
<required/>
<default_value>wan</default_value>
<multiple/>
</field>
<field>
- <fielddescr>User-defined reverse-proxy IPs</fielddescr>
+ <fielddescr>User Defined Reverse Proxy IPs</fielddescr>
<fieldname>reverse_ip</fieldname>
- <description>Squid will additionally bind to this user-defined IPs for reverse-proxy operation. Useful for virtual IPs such as CARP. Separate by semi-colons (;).</description>
+ <description>
+ <![CDATA[
+ Squid will additionally bind to these user-defined IPs for reverse proxy operation. Useful for virtual IPs such as CARP.<br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
- </field>
+ </field>
<field>
- <fielddescr>external FQDN</fielddescr>
+ <fielddescr>External FQDN</fielddescr>
<fieldname>reverse_external_fqdn</fieldname>
- <description>The external full-qualified-domain-name of the WAN address.</description>
+ <description>The external fully qualified domain name of the WAN IP address.</description>
<type>input</type>
<required/>
<size>70</size>
</field>
<field>
- <fielddescr>Reset TCP connections if request is unauthorized</fielddescr>
+ <fielddescr>Reset TCP Connections on Unauthorized Requests</fielddescr>
<fieldname>deny_info_tcp_reset</fieldname>
- <description>If this field is checked, the reverse-proxy will reset the TCP connection if the request is unauthorized.</description>
+ <description>If checked, the reverse proxy will reset the TCP connection if the request is unauthorized.</description>
<type>checkbox</type>
<default_value>on</default_value>
</field>
@@ -117,26 +123,41 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable HTTP reverse mode</fielddescr>
+ <fielddescr>Enable HTTP Reverse Mode</fielddescr>
<fieldname>reverse_http</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTP reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
+ <description>
+ <![CDATA[
+ If checked, the proxy server will act in HTTP reverse mode.<br/>
+ <strong>Note: You must add a proper firewall rule with destination 'WAN Address'.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
- <enablefields>reverse_http_port,reverse_http_defsite</enablefields>
+ <enablefields>reverse_http_port,reverse_http_defsite</enablefields>
<required/>
<default_value>off</default_value>
</field>
<field>
- <fielddescr>reverse HTTP port</fielddescr>
+ <fielddescr>Reverse HTTP Port</fielddescr>
<fieldname>reverse_http_port</fieldname>
- <description>This is the port the HTTP reverse-proxy will listen on. (leave empty to use 80)</description>
+ <description>
+ <![CDATA[
+ This is the port the HTTP reverse proxy will listen on. Default value will be used if left empty.<br/>
+ Default: 80
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>80</default_value>
</field>
<field>
- <fielddescr>reverse HTTP default site</fielddescr>
+ <fielddescr>Reverse HTTP Default Site</fielddescr>
<fieldname>reverse_http_defsite</fieldname>
- <description>This is the HTTP reverse default site. (leave empty to use the external fqdn)</description>
+ <description>
+ <![CDATA[
+ This is the HTTP reverse proxy default site.<br/>
+ Note: Leave empty to use 'External FQDN' value specified above.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
@@ -145,109 +166,142 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable HTTPS reverse proxy</fielddescr>
+ <fielddescr>Enable HTTPS Reverse Proxy</fielddescr>
<fieldname>reverse_https</fieldname>
- <description>If this field is checked, the proxy-server will act in HTTPS reverse mode. &lt;br&gt;(You have to add a rule with destination "WAN-address")</description>
+ <description>
+ <![CDATA[
+ If checked, the proxy server will act in HTTPS reverse mode.<br/>
+ <strong>Note: You must add a proper firewall rule with destination 'WAN Address'.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
<enablefields>reverse_https_port,reverse_https_defsite,reverse_ssl_cert,reverse_int_ca,reverse_ignore_ssl_valid,reverse_owa,reverse_owa_ip,reverse_owa_webservice,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_autodiscover,reverse_ssl_chain</enablefields>
<required/>
<default_value>off</default_value>
- </field>
+ </field>
<field>
- <fielddescr>reverse HTTPS port</fielddescr>
+ <fielddescr>Reverse HTTPS Port</fielddescr>
<fieldname>reverse_https_port</fieldname>
- <description>This is the port the HTTPS reverse-proxy will listen on. (leave empty to use 443)</description>
+ <description>
+ <![CDATA[
+ This is the port the HTTPS reverse proxy will listen on. Default value will be used if left empty.<br/>
+ Default: 443
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>443</default_value>
</field>
<field>
- <fielddescr>reverse HTTPS default site</fielddescr>
+ <fielddescr>Reverse HTTPS Default Site</fielddescr>
<fieldname>reverse_https_defsite</fieldname>
- <description>This is the HTTPS reverse default site. (leave empty to use the external fqdn)</description>
+ <description>
+ <![CDATA[
+ This is the HTTPS reverse proxy default site.<br/>
+ Note: Leave empty to use 'External FQDN' value specified above.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>reverse SSL certificate</fielddescr>
+ <fielddescr>Reverse SSL Certificate</fielddescr>
<fieldname>reverse_ssl_cert</fieldname>
<description>Choose the SSL Server Certificate here.</description>
- <type>select_source</type>
- <source><![CDATA[$config['cert']]]></source>
+ <type>select_source</type>
+ <source>$config['cert']</source>
<source_name>descr</source_name>
<source_value>refid</source_value>
</field>
<field>
- <fielddescr>intermediate CA certificate (if needed)</fielddescr>
+ <fielddescr>Intermediate CA Certificate (If Needed)</fielddescr>
<fieldname>reverse_int_ca</fieldname>
- <description>Paste a signed certificate in X.509 PEM format here.</description>
+ <description>
+ <![CDATA[
+ Paste a signed certificate in X.509 <strong>PEM format</strong> here.
+ ]]>
+ </description>
<type>textarea</type>
- <cols>50</cols>
+ <cols>75</cols>
<rows>5</rows>
<encoding>base64</encoding>
</field>
<field>
- <fielddescr>Ignore internal Certificate validation</fielddescr>
+ <fielddescr>Ignore Internal Certificate Validation</fielddescr>
<fieldname>reverse_ignore_ssl_valid</fieldname>
- <description>If this field is checked, internal certificate validation will be ignored.</description>
- <type>checkbox</type>
+ <description>If checked, internal certificate validation will be ignored.</description>
+ <type>checkbox</type>
<default_value>on</default_value>
</field>
<field>
- <name>OWA Reverse proxy General Settings</name>
+ <name>OWA Reverse Proxy General Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable OWA reverse proxy</fielddescr>
+ <fielddescr>Enable OWA Reverse Proxy</fielddescr>
<fieldname>reverse_owa</fieldname>
- <description>If this field is checked, squid will act as an accelerator/ SSL offloader for Outlook Web App.</description>
+ <description>If checked, Squid will act as an accelerator/SSL offloader for Outlook Web App.</description>
<type>checkbox</type>
- <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
+ <enablefields>reverse_owa_ip,reverse_owa_activesync,reverse_owa_rpchttp,reverse_owa_mapihttp,reverse_owa_webservice,reverse_owa_autodiscover</enablefields>
</field>
<field>
- <fielddescr>CAS-Array / OWA frontend IP address</fielddescr>
+ <fielddescr>CAS-Array / OWA Frontend IP Address</fielddescr>
<fieldname>reverse_owa_ip</fieldname>
- <description>These are the internal IPs of the CAS-Array (OWA frontend servers). Separate by semi-colons (;). </description>
+ <description>
+ <![CDATA[
+ These are the internal IPs of the CAS-Array (OWA frontend servers).<br/>
+ <strong>Note: Separate entries by semi-colons (;)</strong>
+ ]]>
+ </description>
<type>input</type>
<size>70</size>
- </field>
+ </field>
<field>
<fielddescr>Enable ActiveSync</fielddescr>
<fieldname>reverse_owa_activesync</fieldname>
- <description>If this field is checked, ActiveSync will be enabled.</description>
+ <description>If checked, ActiveSync will be enabled.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable Outlook Anywhere</fielddescr>
<fieldname>reverse_owa_rpchttp</fieldname>
- <description>If this field is checked, RPC over HTTP will be enabled.</description>
+ <description>If checked, RPC over HTTP will be enabled.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable MAPI HTTP</fielddescr>
<fieldname>reverse_owa_mapihttp</fieldname>
- <description><![CDATA[If this field is checked, MAPI over HTTP will be enabled.<br>
- <strong>This feature is only available with at least Exchange 2013 SP1</strong>]]></description>
+ <description>
+ <![CDATA[
+ If checked, MAPI over HTTP will be enabled.<br/>
+ <strong>This feature is only available with at least Microsoft Exchange 2013 SP1</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable Exchange WebServices</fielddescr>
<fieldname>reverse_owa_webservice</fieldname>
- <description><![CDATA[If this field is checked, Exchange WebServices will be enabled.<br>
- <strong>There are potential DoS side effects to its use, please avoid unless you must.</strong>]]></description>
+ <description>
+ <![CDATA[
+ If checked, Exchange WebServices will be enabled.<br/>
+ <strong>There are potential DoS side effects to its use. Please avoid unless really required.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Enable AutoDiscover</fielddescr>
<fieldname>reverse_owa_autodiscover</fieldname>
- <description><![CDATA[If this field is checked, AutoDiscover will be enabled.<br>
- <strong>You also should set up the autodiscover DNS-record to point to you WAN-IP.</strong>]]></description>
+ <description>
+ <![CDATA[
+ If checked, AutoDiscover will be enabled.<br/>
+ <strong>You also should set up the autodiscover DNS record to point to you WAN IP.</strong>
+ ]]>
+ </description>
<type>checkbox</type>
</field>
</fields>
- <custom_php_command_before_form>
- squid_before_form_general($pkg);
- </custom_php_command_before_form>
<custom_php_validation_command>
squid_validate_reverse($_POST, $input_errors);
</custom_php_validation_command>
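Review bot: `reverse_ignore_ssl_valid` keeps `<default_value>on</default_value>`, so a new HTTPS reverse-proxy setup does not validate the certificates of the internal servers, and the reworded description still does not say what that costs. With validation off, the proxy cannot tell a genuine backend from a host impersonating it on the internal network. I would default the checkbox to `off`, or at least extend the description, e.g. `If checked, certificates presented by internal servers are not verified; enable only for backends with self-signed certificates on a trusted segment.` How squid.inc consumes the field is not visible in this hunk, so a changed default needs checking there. Separately, the AutoDiscover text still reads `point to you WAN IP`, which should be `your`.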
diff --git a/config/squid3/34/squid_reverse_peer.xml b/config/squid3/34/squid_reverse_peer.xml
index eabc72ff..fabc5b92 100755
--- a/config/squid3/34/squid_reverse_peer.xml
+++ b/config/squid3/34/squid_reverse_peer.xml
@@ -2,56 +2,52 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_reverse_peer.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_reverse_peer.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidreversepeer</name>
- <version>none</version>
- <title>Reverse Proxy server: Peers</title>
+ <version>0.3.5</version>
+ <title>Reverse Proxy Server: Peers</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
- <tab>
- <text>General</text>
+ <tab>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
</tab>
<tab>
@@ -68,7 +64,7 @@
<url>/pkg.php?xml=squid_reverse_redir.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php?menu=reverse</url>
</tab>
<tab>
@@ -86,7 +82,7 @@
<fieldname>name</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Ip address</fielddescr>
+ <fielddescr>IP Address</fielddescr>
<fieldname>ip</fieldname>
</columnitem>
<columnitem>
@@ -96,11 +92,11 @@
<columnitem>
<fielddescr>Protocol</fielddescr>
<fieldname>Protocol</fieldname>
- </columnitem>
+ </columnitem>
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- </columnitem>
+ </columnitem>
</adddeleteeditpagefields>
<fields>
<field>
@@ -108,56 +104,65 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable this peer</fielddescr>
+ <fielddescr>Enable This Peer</fielddescr>
<fieldname>enable</fieldname>
- <description>If this field is checked, then this peer will be available for reverse config.</description>
+ <description>If checked, then this peer will be available for reverse proxy configuration.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Peer Alias</fielddescr>
<fieldname>name</fieldname>
- <description><![CDATA[Name to identify this peer on squid reverse conf<br>
- example: HOST1]]></description>
+ <description>
+ <![CDATA[
+ Name to identify this peer on Squid reverse proxy configuration.<br/>
+ Example: HOST1
+ ]]>
+ </description>
<type>input</type>
<size>20</size>
</field>
<field>
<fielddescr>Peer IP</fielddescr>
<fieldname>ip</fieldname>
- <description><![CDATA[Ip Address of this peer.<br>
- example: 192.168.0.1]]></description>
+ <description>
+ <![CDATA[
+ IP address of this peer.<br/>
+ Example: 192.168.0.1
+ ]]>
+ </description>
<type>input</type>
<size>20</size>
</field>
<field>
<fielddescr>Peer Port</fielddescr>
<fieldname>port</fieldname>
- <description><![CDATA[Listening port of this peer.<br>
- example: 80]]></description>
+ <description>
+ <![CDATA[
+ Listening port of this peer.<br/>
+ Example: 80
+ ]]>
+ </description>
<type>input</type>
<size>20</size>
</field>
<field>
<fielddescr>Peer Protocol</fielddescr>
<fieldname>protocol</fieldname>
- <description><![CDATA[Protocol listening on this peer port.]]></description>
+ <description>Select protocol listening on this peer port.</description>
<type>select</type>
- <options>
- <option> <name>HTTP</name> <value>HTTP</value> </option>
- <option> <name>HTTPS</name> <value>HTTPS</value> </option>
- </options>
+ <options>
+ <option><name>HTTP</name> <value>HTTP</value></option>
+ <option><name>HTTPS</name> <value>HTTPS</value></option>
+ </options>
</field>
<field>
<fielddescr>Peer Description</fielddescr>
<fieldname>description</fieldname>
- <description><![CDATA[Peer Description (optional)]]></description>
+ <description>Peer Description (Optional)</description>
<type>input</type>
<size>60</size>
</field>
</fields>
- <custom_php_command_before_form>
- squid_before_form_general($pkg);
- </custom_php_command_before_form>
<custom_php_validation_command>
squid_validate_reverse($_POST, $input_errors);
</custom_php_validation_command>
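Review bot: The list column for the protocol is declared as `<fieldname>Protocol</fieldname>` in `adddeleteeditpagefields` (the hunk just above), while the field defined in this hunk is `<fieldname>protocol</fieldname>`. If the package GUI matches column names to stored fields case-sensitively, which this diff does not show, the Protocol column of the peer list stays empty; the column entry should read `<fieldname>protocol</fieldname>`. The two `<option>` lines here also keep a space between `</name>` and `<value>` that the same cleanup removed in the other squid_reverse files.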
diff --git a/config/squid3/34/squid_reverse_redir.xml b/config/squid3/34/squid_reverse_redir.xml
index de25f56a..71653899 100755
--- a/config/squid3/34/squid_reverse_redir.xml
+++ b/config/squid3/34/squid_reverse_redir.xml
@@ -3,30 +3,29 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ============================================================================ */
+/* ====================================================================================== */
/*
squid_reverse_redir.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2013 Gekkenhuis
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ============================================================================ */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -38,16 +37,13 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ============================================================================ */
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>squidreverseredir</name>
- <version>none</version>
- <title>Reverse Proxy server: Redirects</title>
+ <version>0.3.5</version>
+ <title>Reverse Proxy Server: Redirects</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
@@ -68,7 +64,7 @@
<active/>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php?menu=reverse</url>
</tab>
<tab>
@@ -82,13 +78,13 @@
<fieldname>enable</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Redirect Name</fielddescr>
- <fieldname>name</fieldname>
+ <fielddescr>Redirect Name</fielddescr>
+ <fieldname>name</fieldname>
+ </columnitem>
+ <columnitem>
+ <fielddescr>Redirect To</fielddescr>
+ <fieldname>redirurl</fieldname>
</columnitem>
- <columnitem>
- <fielddescr>Redirect to</fielddescr>
- <fieldname>redirurl</fieldname>
- </columnitem>
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
@@ -100,83 +96,88 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable this redirect</fielddescr>
+ <fielddescr>Enable This Redirect</fielddescr>
<fieldname>enable</fieldname>
- <description><![CDATA[If this field is checked, then this redirect will be available for reverse config.]]></description>
+ <description>If checked, then this redirect will be available for reverse config.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Redirect name</fielddescr>
+ <fielddescr>Redirect Name</fielddescr>
<fieldname>name</fieldname>
- <description><![CDATA[Name to identify this redirect on squid reverse conf<br/>
- example: REDIR1]]></description>
+ <description>
+ <![CDATA[
+ Enter the name to identify this redirect in Squid reverse configuration.<br />
+ Example: REDIR1
+ ]]>
+ </description>
<type>input</type>
<size>20</size>
</field>
<field>
<fielddescr>Redirect Description</fielddescr>
<fieldname>description</fieldname>
- <description><![CDATA[Redirect Description (optional)]]></description>
+ <description>Redirect Description (Optional)</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Redirect Protocol</fielddescr>
<fieldname>protocol</fieldname>
- <description><![CDATA[Protocol to redirect on.<br/>
- Use CTRL + click to select multiple]]></description>
+ <description>
+ <![CDATA[
+ Select the protocol to redirect on.<br/>
+ Use CTRL + click to select multiple options.
+ ]]>
+ </description>
<type>select</type>
<multiple/>
<size>03</size>
- <options>
- <option>
- <name>HTTP</name>
- <value>HTTP</value>
- </option>
- <option>
- <name>HTTPS</name>
- <value>HTTPS</value>
- </option>
- </options>
+ <options>
+ <option><name>HTTP</name><value>HTTP</value></option>
+ <option><name>HTTPS</name><value>HTTPS</value></option>
+ </options>
</field>
<field>
- <fielddescr>Blocked domains</fielddescr>
+ <fielddescr>Blocked Domains</fielddescr>
<fieldname>none</fieldname>
- <description>Domains to redirect for</description>
+ <description>Domains to redirect for.</description>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr><![CDATA[<strong>Domains to match</strong><br/><br/>
- Samples: mydomain.com sub.mydomain.com www.mydomain.com<br/><br/>
- Do not enter http:&#47;&#47; or https:&#47;&#47; here! only the hostname is required.]]></fielddescr>
- <fieldname>uri</fieldname>
- <type>input</type>
- <size>60</size>
- </rowhelperfield>
+ <fielddescr>
+ <![CDATA[
+ Enter the domains to match here.<br/>
+ Example: example.com sub.example.com www.example.com<br/><br/>
+ Do <strong>NOT</strong> enter http:// or https:// here! Only the hostname is required.
+ ]]>
+ </fielddescr>
+ <fieldname>uri</fieldname>
+ <type>input</type>
+ <size>60</size>
+ </rowhelperfield>
</rowhelper>
</field>
<field>
- <fielddescr>Path regex</fielddescr>
+ <fielddescr>Path Regex</fielddescr>
<fieldname>pathregex</fieldname>
- <description><![CDATA[Path regex to match<br/><br/>]]>
- Enter &#94;&#47;&#36; to match the domain only.</description>
+ <description>
+ <![CDATA[
+ Enter the path regex to match here.<br/>
+ Hint: Enter ^/$ to match the domain only.
+ ]]>
+ </description>
<type>input</type>
<size>60</size>
</field>
<field>
- <fielddescr>URL to redirect to</fielddescr>
+ <fielddescr>URL to Redirect To</fielddescr>
<fieldname>redirurl</fieldname>
- <description><![CDATA[URL to redirect to]]></description>
+ <description>Enter the URL to redirect to here.</description>
<type>input</type>
<size>60</size>
</field>
</fields>
-
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
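Review bot: With the empty `<custom_php_validation_command>` removed and nothing put in its place, this page has no validation hook at all, whereas squid_reverse_general.xml and squid_reverse_peer.xml both call `squid_validate_reverse($_POST, $input_errors);`. `uri`, `pathregex` and `redirurl` are free-text inputs and `squid_resync()` runs on save, so presumably they reach the generated Squid configuration as typed; squid.inc is not part of this hunk, so that needs confirming. I would add a validation command here that rejects whitespace and line breaks in the three fields, checks that `pathregex` compiles, and requires `redirurl` to be an http or https URL.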
diff --git a/config/squid3/34/squid_reverse_sync.xml b/config/squid3/34/squid_reverse_sync.xml
index 0dc816cb..3b929c8e 100755
--- a/config/squid3/34/squid_reverse_sync.xml
+++ b/config/squid3/34/squid_reverse_sync.xml
@@ -1,49 +1,49 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_sync.xml
- part of the sarg package for pfSense
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_reverse_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>squidsync</name>
- <version>1.0</version>
- <title>Reverse Proxy server: XMLRPC Sync</title>
+ <version>0.3.5</version>
+ <title>Reverse Proxy Server: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
<tab>
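Review bot: `<name>` is still `squidsync` in this file, the same value squid_sync.xml declares, even though the header was corrected to name squid_reverse_sync.xml. If the package framework keys stored settings on `<name>`, both pages read and write one shared list of sync targets and passwords. When that is intended, say so next to the element, e.g. `<!-- shares the squidsync settings section with squid_sync.xml -->`. The `<version>` also moves from 1.0 down to 0.3.5, which is worth confirming against anything that compares versions.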
@@ -78,9 +78,9 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync squid configuration changes</fielddescr>
+ <fielddescr>Automatically sync Squid configuration changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for squid.</description>
+ <description>Select a sync method for Squid.</description>
<type>select</type>
<required/>
<default_value>auto</default_value>
@@ -91,9 +91,9 @@
</options>
</field>
<field>
- <fielddescr>Sync timeout</fielddescr>
+ <fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
- <description>Select sync max wait time</description>
+ <description>Select sync max wait time.</description>
<type>select</type>
<required/>
<default_value>250</default_value>
@@ -110,25 +110,23 @@
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>IP address of remote server.</description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Password for remote server.</description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
</custom_php_resync_config_command>
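Review bot: The `ipaddress` row is a free-text `input`, and this hunk deletes the empty `<custom_php_validation_command>` instead of filling it in, so nothing visible here checks where the configuration and its password are sent. A validation hook that rejects rows whose address fails `is_ipaddr()` and requires a non-empty password would keep typos out of the sync target list. The same applies to the identical hunk in squid_sync.xml (`@@ -126,25 +126,23 @@`). Validation may already exist in squid.inc, which this hunk does not show.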
diff --git a/config/squid3/34/squid_reverse_uri.xml b/config/squid3/34/squid_reverse_uri.xml
index 9a6f183f..164d6374 100755
--- a/config/squid3/34/squid_reverse_uri.xml
+++ b/config/squid3/34/squid_reverse_uri.xml
@@ -2,56 +2,52 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_reverse_general.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_reverse_uri.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidreverseuri</name>
- <version>none</version>
- <title>Reverse Proxy server: Mappings</title>
+ <version>0.3.5</version>
+ <title>Reverse Proxy Server: Mappings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
- <tab>
- <text>General</text>
+ <tab>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid_reverse_general.xml&amp;id=0</url>
</tab>
<tab>
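Review bot: The rewritten header drops the `Based on m0n0wall` and `Copyright (C) 2003-2006 Manuel Kasper` lines, while condition 1 of the licence text kept just below still requires source redistributions to retain the above copyright notice. If any part of this file derives from that code, the attribution should stay, with the ESF line added beneath it rather than in place of it. The header hunks of squid_traffic.xml and squid_upstream.xml remove the same lines, plus a 2007 copyright line, and need the same check. The old header named the wrong file, so the notice may have been copied boilerplate; the commit message should say which it was.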
@@ -68,7 +64,7 @@
<url>/pkg.php?xml=squid_reverse_redir.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php?menu=reverse</url>
</tab>
<tab>
@@ -92,68 +88,77 @@
<columnitem>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- </columnitem>
+ </columnitem>
</adddeleteeditpagefields>
<fields>
- <field>
+ <field>
<name>Squid Reverse Peer Mappings</name>
<type>listtopic</type>
</field>
- <field>
- <fielddescr>Enable this URI</fielddescr>
+ <field>
+ <fielddescr>Enable This URI</fielddescr>
<fieldname>enable</fieldname>
- <description><![CDATA[If this field is checked, then this URI(Uniform Resource Name) will be available for reverse config.]]></description>
+ <description>If checked, then this URI (Uniform Resource Name) will be available for reverse proxy config.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Group name</fielddescr>
+ <fielddescr>Group Name</fielddescr>
<fieldname>name</fieldname>
- <description><![CDATA[Name to identify this URI on squid reverse conf<br>
- example: URI1]]></description>
+ <description>
+ <![CDATA[
+ Name to identify this URI on Squid reverse proxy configuration.<br/>
+ Example: URI1
+ ]]>
+ </description>
<type>input</type>
<size>20</size>
</field>
<field>
<fielddescr>Group Description</fielddescr>
<fieldname>description</fieldname>
- <description><![CDATA[URI Group Description (optional)]]></description>
+ <description>URI Group Description (Optional)</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Peers</fielddescr>
<fieldname>peers</fieldname>
- <description><![CDATA[Apply this Group Mappings to selected Peers<br>
- Use CTRL + click to select.]]></description>
- <type>select_source</type>
- <source><![CDATA[$config['installedpackages']['squidreversepeer']['config']]]></source>
+ <description>
+ <![CDATA[
+ Apply these group mappings to the selected peers.<br/>
+ Use CTRL + click to select multiple peers.
+ ]]>
+ </description>
+ <type>select_source</type>
+ <source>$config['installedpackages']['squidreversepeer']['config']</source>
<source_name>name</source_name>
<source_value>name</source_value>
<multiple/>
<size>05</size>
</field>
- <field>
- <fielddescr><![CDATA[URIs]]></fielddescr>
+ <field>
+ <fielddescr>URIs</fielddescr>
<fieldname>none</fieldname>
- <description><![CDATA[URI to publish]]></description>
+ <description>URI to publish.</description>
<type>rowhelper</type>
<rowhelper>
<rowhelperfield>
- <fielddescr><![CDATA[<strong>Url regex to match</strong><br><br>
- Samples: .mydomain.com .mydomain.com/test<br>
- www.mydomain.com http://www.mydomain.com/ ^http://www.mydomain.com/.*$]]></fielddescr>
- <fieldname>uri</fieldname>
- <type>input</type>
- <size>70</size>
- </rowhelperfield>
+ <fielddescr>
+ <![CDATA[
+ Enter URL <strong>regex</strong> to match.<br/><br/>
+ Examples:<br/>
+ .mydomain.com .mydomain.com/test<br/>
+ www.mydomain.com http://www.mydomain.com/ ^http://www.mydomain.com/.*$
+ ]]>
+ </fielddescr>
+ <fieldname>uri</fieldname>
+ <type>input</type>
+ <size>70</size>
+ </rowhelperfield>
</rowhelper>
- </field>
+ </field>
</fields>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
</custom_php_resync_config_command>
-</packagegui> \ No newline at end of file
+</packagegui>
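Review bot: The samples in the new `uri` help text are presented as regexes but are mostly unanchored with unescaped dots (`.mydomain.com`, `www.mydomain.com`), so a pattern copied from here matches more hosts and paths than the name it spells. That matters when the pattern decides what the reverse proxy publishes to a peer. Only the last sample is anchored; I would lead with an escaped, anchored form such as `^http://www\.example\.com/.*$` and add a sentence that `.` matches any character unless escaped. The domain field earlier in this diff switched its samples to example.com, and this field could follow. Separately, the `enable` description expands URI as `Uniform Resource Name`; it should read `Uniform Resource Identifier`.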
diff --git a/config/squid3/34/squid_sync.xml b/config/squid3/34/squid_sync.xml
index 7e632eab..29585dd8 100755
--- a/config/squid3/34/squid_sync.xml
+++ b/config/squid3/34/squid_sync.xml
@@ -1,48 +1,48 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_sync.xml
- part of the sarg package for pfSense
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_sync.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>squidsync</name>
- <version>1.0</version>
+ <version>0.3.5</version>
<title>Proxy server: XMLRPC Sync</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
@@ -79,7 +79,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -94,9 +94,9 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Automatically sync squid configuration changes</fielddescr>
+ <fielddescr>Automatically sync Squid configuration changes</fielddescr>
<fieldname>synconchanges</fieldname>
- <description>Select a sync method for squid.</description>
+ <description>Select a sync method for Squid.</description>
<type>select</type>
<required/>
<default_value>auto</default_value>
@@ -107,9 +107,9 @@
</options>
</field>
<field>
- <fielddescr>Sync timeout</fielddescr>
+ <fielddescr>Sync Timeout</fielddescr>
<fieldname>synctimeout</fieldname>
- <description>Select sync max wait time</description>
+ <description>Select sync max wait time.</description>
<type>select</type>
<required/>
<default_value>250</default_value>
@@ -126,25 +126,23 @@
<fieldname>none</fieldname>
<type>rowhelper</type>
<rowhelper>
- <rowhelperfield>
- <fielddescr>IP Address</fielddescr>
- <fieldname>ipaddress</fieldname>
- <description>IP Address of remote server</description>
- <type>input</type>
- <size>20</size>
- </rowhelperfield>
- <rowhelperfield>
- <fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
- <description>Password for remote server.</description>
- <type>password</type>
- <size>20</size>
- </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>IP Address</fielddescr>
+ <fieldname>ipaddress</fieldname>
+ <description>IP address of remote server.</description>
+ <type>input</type>
+ <size>20</size>
+ </rowhelperfield>
+ <rowhelperfield>
+ <fielddescr>Password</fielddescr>
+ <fieldname>password</fieldname>
+ <description>Password for remote server.</description>
+ <type>password</type>
+ <size>20</size>
+ </rowhelperfield>
</rowhelper>
</field>
</fields>
- <custom_php_validation_command>
- </custom_php_validation_command>
<custom_php_resync_config_command>
squid_resync();
</custom_php_resync_config_command>
diff --git a/config/squid3/34/squid_traffic.xml b/config/squid3/34/squid_traffic.xml
index 3439d598..135ef9ad 100755
--- a/config/squid3/34/squid_traffic.xml
+++ b/config/squid3/34/squid_traffic.xml
@@ -2,57 +2,52 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_traffic.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidtraffic</name>
- <version>none</version>
- <title>Proxy server: Traffic management</title>
+ <version>0.3.5</version>
+ <title>Proxy server: Traffic Management</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
- <tab>
- <text>General</text>
+ <tab>
+ <text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
<tab>
@@ -85,7 +80,7 @@
<url>/pkg.php?xml=squid_users.xml</url>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
@@ -99,36 +94,57 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Maximum download size</fielddescr>
+ <fielddescr>Maximum Download Size</fielddescr>
<fieldname>max_download_size</fieldname>
- <description>Limit the maximum total download size to the size specified here (in kilobytes). Set to 0 to disable.</description>
+ <description>
+ <![CDATA[
+ Limit the maximum total download size to the size specified here (in kilobytes).<br/>
+ Set to 0 to disable.
+ ]]>
+ </description>
<type>input</type>
- <size>10</size>
+ <size>10</size>
<required/>
<default_value>0</default_value>
</field>
<field>
- <fielddescr>Maximum upload size</fielddescr>
+ <fielddescr>Maximum Upload Size</fielddescr>
<fieldname>max_upload_size</fieldname>
- <description>Limit the maximum total upload size to the size specified here (in kilobytes). Set to 0 to disable.</description>
+ <description>
+ <![CDATA[
+ Limit the maximum total upload size to the size specified here (in kilobytes).<br/>
+ Set to 0 to disable.
+ ]]>
+ </description>
<type>input</type>
<size>10</size>
<required/>
<default_value>0</default_value>
</field>
<field>
- <fielddescr>Overall bandwidth throttling</fielddescr>
+ <fielddescr>Overall Bandwidth Throttling</fielddescr>
<fieldname>overall_throttling</fieldname>
- <description>This value specifies (in kilobytes per second) the bandwidth throttle for downloads. Users will gradually have their download speed increased according to this value. Set to 0 to disable bandwidth throttling.</description>
+ <description>
+ <![CDATA[
+ This value specifies the bandwidth throttle for downloads (in kilobytes per second).<br/>
+ Users will gradually have their download speed decreased according to this value.<br/>
+ Set to 0 to disable.
+ ]]>
+ </description>
<type>input</type>
<size>10</size>
<required/>
<default_value>0</default_value>
</field>
<field>
- <fielddescr>Per-host throttling</fielddescr>
+ <fielddescr>Per-Host Throttling</fielddescr>
<fieldname>perhost_throttling</fieldname>
- <description>This value specifies the download throttling per host. Set to 0 to disable this.</description>
+ <description>
+ <![CDATA[
+ This value specifies the download throttling per host.<br/>
+ Set to 0 to disable.
+ ]]>
+ </description>
<type>input</type>
<size>10</size>
<required/>
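Review bot: The rewritten `perhost_throttling` description still gives no unit, while `overall_throttling` directly above states kilobytes per second, so an administrator cannot tell what a given number means for one host. Suggest `This value specifies the download throttling per host (in kilobytes per second).` if that is what squid.inc applies; the conversion is not visible in this hunk. The `overall_throttling` text also changes `increased` to `decreased`, which is a change of meaning rather than wording and deserves a line in the commit message.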
@@ -139,7 +155,7 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Throttle only specific extensions</fielddescr>
+ <fielddescr>Throttle Only Specific Extensions</fielddescr>
<fieldname>throttle_specific</fieldname>
<description>Leave this checked to be able to choose the extensions that throttling will be applied to. Otherwise, all files will be throttled.</description>
<type>checkbox</type>
@@ -147,25 +163,25 @@
<default_value>on</default_value>
</field>
<field>
- <fielddescr>Throttle binary files</fielddescr>
+ <fielddescr>Throttle Binary Files</fielddescr>
<fieldname>throttle_binaries</fieldname>
<description>Check this to apply bandwidth throttle to binary files. This includes compressed archives and executables.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Throttle CD images</fielddescr>
+ <fielddescr>Throttle CD/DVD Image Files</fielddescr>
<fieldname>throttle_cdimages</fieldname>
- <description>Check this to apply bandwidth throttle to CD image files.</description>
+ <description>Check this to apply bandwidth throttle to CD/DVD image files.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Throttle multimedia files</fielddescr>
+ <fielddescr>Throttle Multimedia Files</fielddescr>
<fieldname>throttle_multimedia</fieldname>
<description>Check this to apply bandwidth throttle to multimedia files, such as movies or songs.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>Throttle other extensions</fielddescr>
+ <fielddescr>Throttle Other Extensions</fielddescr>
<fieldname>throttle_others</fieldname>
<description>Comma-separated list of extensions to apply bandwidth throttle to.</description>
<type>input</type>
@@ -176,9 +192,22 @@
<type>listtopic</type>
</field>
<field>
+ <field>
+ <type>info</type>
+ <description>
+ <![CDATA[
+ The cache by default continues downloading aborted requests which are almost completed.<br/>
+ This may be undesirable on slow links and/or very busy caches. Impatient users may tie up file descriptors and
+ bandwidth by repeatedly requesting and immediately aborting downloads.<br/>
+ When the user aborts a request, Squid will compare the below values to the amount of data transferred so far.<br/><br/>
+ If you do not want any retrieval to continue after the client has aborted, set both values below to 0.<br/>
+ If you want retrievals to always continue if they are being cached, set 'Finish transfer if less than x KB remaining' to -1.
+ ]]>
+ </description>
+ </field>
<fielddescr>Finish transfer if less than x KB remaining</fielddescr>
<fieldname>quick_abort_min</fieldname>
- <description>If the transfer has less than x KB remaining, it will finish the retrieval. Set to 0 to abort the transfer immediately.</description>
+ <description>If the transfer has less than x KB remaining, it will finish the retrieval.</description>
<type>input</type>
<size>10</size>
<default_value>0</default_value>
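Review bot: The added `info` block is inserted after the existing `<field>` opening tag, so on the new side a complete `<field>…</field>` sits nested inside the field that holds `quick_abort_min`. It should be a sibling: place the added lines above that opening `<field>`, so the info field closes before the `quick_abort_min` field begins. How the package parser treats a nested `<field>` is not visible here, but the likely outcomes are a dropped note or a malformed `quick_abort_min` entry. The note also tells users to enter `-1`, so `squid_validate_traffic`, called at the end of this file, needs to accept a negative value for that field. Its body and the enclosing field's closing tag are outside this hunk.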
@@ -186,7 +215,7 @@
<field>
<fielddescr>Abort transfer if more than x KB remaining</fielddescr>
<fieldname>quick_abort_max</fieldname>
- <description>If the transfer has more than x KB remaining, it will abort the retrieval. Set to 0 to abort the transfer immediately.</description>
+ <description>If the transfer has more than x KB remaining, it will abort the retrieval.</description>
<type>input</type>
<default_value>0</default_value>
</field>
@@ -197,7 +226,7 @@
<type>input</type>
<size>10</size>
<default_value>0</default_value>
- </field>
+ </field>
</fields>
<custom_php_validation_command>
squid_validate_traffic($_POST, $input_errors);
diff --git a/config/squid3/34/squid_upstream.xml b/config/squid3/34/squid_upstream.xml
index b8696750..14e23216 100755
--- a/config/squid3/34/squid_upstream.xml
+++ b/config/squid3/34/squid_upstream.xml
@@ -2,56 +2,51 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- squid_upstream.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_upstream.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code MUST retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidremote</name>
- <version>none</version>
- <title>Proxy server: Remote proxy settings</title>
+ <version>0.3.5</version>
+ <title>Proxy Server: Remote Proxy Settings</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<tabs>
-<tab>
+ <tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
@@ -99,7 +94,7 @@
<fieldname>enable</fieldname>
</columnitem>
<columnitem>
- <fielddescr>name</fielddescr>
+ <fielddescr>Name</fielddescr>
<fieldname>proxyaddr</fieldname>
</columnitem>
<columnitem>
@@ -109,17 +104,16 @@
<columnitem>
<fielddescr>ICP</fielddescr>
<fieldname>icpport</fieldname>
- </columnitem>
+ </columnitem>
<columnitem>
- <fielddescr>Peer type</fielddescr>
+ <fielddescr>Peer Type</fielddescr>
<fieldname>hierarchy</fieldname>
</columnitem>
<columnitem>
<fielddescr>Method</fielddescr>
<fieldname>peermethod</fieldname>
- </columnitem>
+ </columnitem>
</adddeleteeditpagefields>
-
<fields>
<field>
<name>General Settings</name>
@@ -135,7 +129,7 @@
<field>
<fielddescr>Hostname</fielddescr>
<fieldname>proxyaddr</fieldname>
- <description>Enter here the IP address or host name of the upstream proxy.</description>
+ <description>Enter the IP address or host name of the upstream proxy here.</description>
<type>input</type>
<size>35</size>
<required/>
@@ -143,48 +137,78 @@
<field>
<fielddescr>Name</fielddescr>
<fieldname>proxyname</fieldname>
- <description>Unique name for the peer.Required if you have multiple peers on the same host but different ports.</description>
+ <description>
+ <![CDATA[
+ Unique name for the peer.<br/>
+ <strong>Note: Name is required if you have multiple peers on the same host but different ports.</strong>
+ ]]>
+ </description>
<type>input</type>
<size>35</size>
<required/>
</field>
<field>
- <fielddescr>TCP port</fielddescr>
+ <fielddescr>TCP Port</fielddescr>
<fieldname>proxyport</fieldname>
- <description>Enter the port to use to connect to the upstream proxy.</description>
+ <description>Enter the port to use to connect to the upstream proxy here.</description>
<type>input</type>
<size>5</size>
<default_value>3128</default_value>
<required/>
</field>
+ <!-- The commented-out options are not used anywhere in the code -->
+ <!--
<field>
<fielddescr>Timeout</fielddescr>
<fieldname>connecttimeout</fieldname>
- <description>A peer-specific connect timeout. Also see the peer_connect_timeout directive.</description>
+ <description>
+ <![CDATA[
+ A peer-specific connect timeout. This parameter specifies how long to wait for a pending TCP connection to a peer cache.<br/>
+ Also see <a href="http://www.squid-cache.org/Doc/config/peer_connect_timeout/">peer_connect_timeout directive</a>.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
</field>
<field>
<fielddescr>Fail Limit</fielddescr>
- <fieldname>connectfailLimit</fieldname>
- <description>How many times connecting to a peer must fail before it is marked as down. Default is 10.</description>
+ <fieldname>connectfaillimit</fieldname>
+ <description>
+ <![CDATA[
+ How many times connecting to a peer must fail before it is marked as down.<br/>
+ Default: 10
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>10</default_value>
</field>
<field>
- <fielddescr>Max</fielddescr>
+ <fielddescr>Max Connections</fielddescr>
<fieldname>maxconn</fieldname>
- <description>Limit the amount of connections Squid may open to this peer.</description>
+ <description>
+ <![CDATA[
+ Limit the amount of connections Squid may open to this peer.<br/>
+ Peer exceeding the limit is not used for new requests unless a standby connection is available.<br/>
+ <strong>Warning: This feature currently works poorly with idle persistent connections.</strong><br/>
+ See <a href="http://www.squid-cache.org/Doc/config/cache_peer/">cache_peer directive documentation</a> for details.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
</field>
+ -->
<field>
- <fielddescr>Allow Miss</fielddescr>
+ <fielddescr>General Options (Allow Miss/No Tproxy/Proxy Only)</fielddescr>
<fieldname>allowmiss</fieldname>
- <description><![CDATA[<strong>allow-miss</strong> - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.<br><br>
- <strong>no-tproxy</strong> - Do not use the client-spoof TPROXY support when forwarding requests to this peer. Use normal address selection instead.<br><br>
- <strong>proxy-only</strong> - Objects fetched from the peer will not be stored locally.]]></description>
+ <description>
+ <![CDATA[
+ <strong>allow-miss</strong> - Disable Squid's use of only-if-cached when forwarding requests to siblings. This is primarily useful when icp_hit_stale is used by the sibling.<br/>
+ <strong>no-tproxy</strong> - Do not use the client-spoof TPROXY support when forwarding requests to this peer. Use normal address selection instead.<br/>
+ <strong>proxy-only</strong> - Objects fetched from the peer will not be stored locally.<br/><br/>
+ Note: Use CTRL + click to select multiple options.
+ ]]>
+ </description>
<type>select</type>
<default_value>allow-miss</default_value>
<options>
@@ -196,10 +220,18 @@
<size>4</size>
</field>
<field>
- <name>Peer settings</name>
+ <name>Peer Settings</name>
<type>listtopic</type>
</field>
<field>
+ <type>info</type>
+ <description>
+ <![CDATA[
+ Please, see <a href="http://www.squid-cache.org/Doc/config/cache_peer/">cache_peer directive documentation</a> for detailed description of the settings below.<br/>
+ ]]>
+ </description>
+ </field>
+ <field>
<fielddescr>Hierarchy</fielddescr>
<fieldname>hierarchy</fieldname>
<description>Specify remote caches hierarchy.</description>
@@ -212,20 +244,21 @@
</options>
</field>
<field>
- <fielddescr>Select method</fielddescr>
+ <fielddescr>Select Method</fielddescr>
<fieldname>peermethod</fieldname>
- <description><![CDATA[The default peer selection method is ICP, with the first responding peer being used as source. These options can be used for better load balancing.<br><br>
- <strong>default</strong> - This is a parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.<br>
- If specified more than once, only the first is used.<br><br>
- <strong>round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.<br>weight=N can be used to add bias.<br><br>
- <strong>weighted-round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.<br>
- Closer parents are used more often. Usually used for background-ping parents. weight=N can be used to add bias.<br><br>
- <strong>carp</strong> - Load-Balance parents which should be used as a CARP array. The requests will be distributed among the parents based on the CARP load balancing hash function based on their weight.<br><br>
- <strong>userhash</strong> - Load-balance parents based on the client proxy_auth or ident username.<br><br>
- <strong>sourcehash</strong> - Load-balance parents based on the client source IP.<br><br>
- <strong>multicast-siblings</strong> - To be used only for cache peers of type "multicast".<br>
- ALL members of this multicast group have "sibling" relationship with it, not "parent". This is to a multicast group when the requested object would be fetched only from a "parent" cache, anyway.<br>
- It's useful, e.g., when configuring a pool of redundant Squid proxies, being members of the same multicast group.]]></description>
+ <description>
+ <![CDATA[
+ The default peer selection method is ICP, with the first responding peer being used as source. These options can be used for better load balancing.<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_peer/">cache_peer directive documentation</a> for details.<br/><br/>
+ <strong>default</strong> - Parent cache which can be used as a "last-resort" if a peer cannot be located by any of the peer-selection methods.<br/>
+ <strong>round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion in the absence of any ICP queries.<br/>
+ <strong>weighted-round-robin</strong> - Load-Balance parents which should be used in a round-robin fashion with the frequency of each parent being based on the round trip time.<br/>
+ <strong>carp</strong> - Load-Balance parents which should be used as a CARP array.<br/>
+ <strong>userhash</strong> -Load-Balance parents based on the client proxy_auth or ident username.<br/>
+ <strong>sourcehash</strong> - Load-balance parents based on the client source IP.<br/>
+ <strong>multicast-siblings</strong> - To be used only for cache peers of type "multicast".<br/>
+ ]]>
+ </description>
<type>select</type>
<default_value>round-robin</default_value>
<options>
@@ -239,45 +272,68 @@
</options>
</field>
<field>
- <fielddescr>weight</fielddescr>
+ <fielddescr>Weight</fielddescr>
<fieldname>weight</fieldname>
- <description>Use to affect the selection of a peer during any weighted peer-selection mechanisms. The weight must be an integer; default is 1,larger weights are favored more.</description>
+ <description>
+ <![CDATA[
+ Use to affect the selection of a peer during any weighted peer-selection mechanisms.<br/>
+ <strong>Note: The weight must be an integer; larger weights are favored more.</strong><br/><br/>
+ Default: 1
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default>1</default>
</field>
<field>
- <fielddescr>basetime</fielddescr>
+ <fielddescr>Basetime</fielddescr>
<fieldname>basetime</fieldname>
- <description><![CDATA[Specify a base amount to be subtracted from round trip times of parents.<br>
- It is subtracted before division by weight in calculating which parent to fectch from. If the rtt is less than the base time the rtt is set to a minimal value.]]></description>
+ <description>
+ <![CDATA[
+ Specify a base amount to be subtracted from round trip times of parents.<br/>
+ It is subtracted before division by weight in calculating which parent to fetch from. If the RTT is less than the base time, the RTT is set to a minimal value.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default>1</default>
</field>
<field>
- <fielddescr>ttl</fielddescr>
+ <fielddescr>TTL</fielddescr>
<fieldname>ttl</fieldname>
- <description><![CDATA[Specify a TTL to use when sending multicast ICP queries to this address<br>
- Only useful when sending to a multicast group. Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.]]></description>
+ <description>
+ <![CDATA[
+ Specify a TTL to use when sending multicast ICP queries to this address. Only useful when sending to a multicast group.<br/>
+ Note: Because we don't accept ICP replies from random hosts, you must configure other group members as peers with the 'multicast-responder' option.
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default>1</default>
</field>
<field>
- <fielddescr>no-delay</fielddescr>
+ <fielddescr>No Delay</fielddescr>
<fieldname>nodelay</fieldname>
- <description><![CDATA[To prevent access to this neighbor from influencing the delay pools.]]></description>
+ <description>
+ <![CDATA[
+ Use to prevent access to this neighbor from influencing the delay pools.
+ ]]>
+ </description>
<type>checkbox</type>
</field>
<field>
- <name>ICP settings</name>
+ <name>ICP Settings</name>
<type>listtopic</type>
</field>
<field>
- <fielddescr>ICP port</fielddescr>
+ <fielddescr>ICP Port</fielddescr>
<fieldname>icpport</fieldname>
- <description>Enter the port to connect to the upstream proxy for the ICP protocol. Use port number 7 to disable ICP communication between the proxies.</description>
+ <description>
+ <![CDATA[
+ Enter the port to connect to the upstream proxy for the ICP protocol.<br/>
+ <strong>Hint: Use port number 7 to disable ICP communication between the proxies.</strong>
+ ]]>
+ </description>
<type>input</type>
<size>5</size>
<default_value>7</default_value>
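Review bot: The new Weight description advertises `Default: 1`, but the field declares that value as `<default>1</default>` (as do Basetime and TTL in this hunk), whereas the other fields in this file use `<default_value>`. If the package form only reads `<default_value>`, these inputs render empty and the documented default is not what gets saved. Changing the three context lines to `<default_value>1</default_value>` would make the help text and the form agree. How the generator in squid.inc treats an empty weight is not visible here, so this needs confirming against that code.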
@@ -285,14 +341,16 @@
<field>
<fielddescr>ICP Options</fielddescr>
<fieldname>icpoptions</fieldname>
- <description><![CDATA[You MUST also set icp_port and icp_access explicitly when using these options.<br>
- The defaults will prevent peer traffic using ICP<br><br>
- <strong>no-query</strong> - Disable ICP queries to this neighbor.<br><br>
- <strong>multicast-responder</strong> -Indicates the named peer is a member of a multicast group.<br>
- ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.<br><br>
- <strong>closest-only</strong> - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.<br><br>
- <strong>background-ping</strong> - To only send ICP queries to this neighbor infrequently.<br>
- This is used to keep the neighbor round trip time updated and is usually used in conjunction with weighted-round-robin.]]></description>
+ <description>
+ <![CDATA[
+ <strong>Note: You MUST also set 'ICP Port' explicitly when using these options.</strong> The defaults will prevent peer traffic using ICP.<br/>
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_peer/">cache_peer directive documentation</a> for details.<br/><br/>
+ <strong>no-query</strong> - Disable ICP queries to this neighbor.<br/>
+ <strong>multicast-responder</strong> - Indicates the named peer is a member of a multicast group.<br/>
+ <strong>closest-only</strong> - Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.<br/>
+ <strong>background-ping</strong> - To only send ICP queries to this neighbor infrequently.<br/>
+ ]]>
+ </description>
<type>select</type>
<default_value>no-query</default_value>
<options>
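Review bot: The note in the `icpoptions` description now names only 'ICP Port', while the text it replaces told the administrator to set both icp_port and icp_access explicitly. `icp_access` is the ACL that decides which hosts may send ICP queries, so unless the package generates that rule elsewhere, the reader loses the hint that peer ICP traffic stays denied by default. Either keep the mention, e.g. `You MUST also set 'ICP Port' and an icp_access rule explicitly when using these options.`, or state in the note where the package configures it.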
@@ -303,7 +361,7 @@
</options>
</field>
<field>
- <name>Auth settings</name>
+ <name>Auth Settings</name>
<type>listtopic</type>
</field>
<field>
@@ -319,25 +377,21 @@
<type>password</type>
</field>
<field>
- <fielddescr>Authentication options</fielddescr>
+ <fielddescr>Authentication Options</fielddescr>
<fieldname>authoption</fieldname>
- <description><![CDATA[<br><strong>login=user:password</strong> - If this is a personal/workgroup proxy and your parent requires proxy authentication.<br><br>
- <strong>login=PASSTHRU</strong> - Send login details received from client to this peer. Authentication is not required by Squid for this to work.<br>
- This will pass any form of authentication but only Basic auth will work through a proxy unless the connection-auth options are also used.<br><br>
- <strong>login=PASS</strong> - Send login details received from client to this peer.Authentication is not required by this option.<br>
- To combine this with proxy_auth both proxies must share the same user database as HTTP only allows for a single login (one for proxy, one for origin server).<br>
- Also be warned this will expose your users proxy password to the peer. USE WITH CAUTION<br><br>
- <strong>login=*:password</strong> - Send the username to the upstream cache, but with a fixed password. This is meant to be used when the peer is in another administrative domain, but it is still needed to identify each user.<br><br>
- <strong>login=NEGOTIATE</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br>
- The first principal from the default keytab or defined by the environment variable KRB5_KTNAME will be used.<br>
- WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br>
- <strong>login=NEGOTIATE:principal_name</strong>If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br>
- The principal principal_name from the default keytab or defined by the environment variable KRB5_KTNAME will be used.
- WARNING: The connection may transmit requests from multiple clients. Negotiate often assumes end-to-end authentication and a single-client. Which is not strictly true here.<br><br>
- <strong>connection-auth=on</strong> - Tell Squid that this peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br>
- Default is auto to automatically determine the status of the peer.<br><br>
- <strong>connection-auth=off</strong> - Tell Squid that this peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br>
- Default is auto to automatically determine the status of the peer.]]></description>
+ <description>
+ <![CDATA[
+ Please see <a href="http://www.squid-cache.org/Doc/config/cache_peer/">cache_peer directive documentation</a> for details.<br/><br/>
+ <strong>login=user:password</strong> - If this is a personal/workgroup proxy and your parent requires proxy authentication.<br/>
+ <strong>login=PASSTHRU</strong> - Send login details received from client to this peer. Authentication is not required by Squid for this to work.<br/>
+ <strong>login=PASS</strong> - Send login details received from client to this peer. Authentication is not required by this option.<br/>
+ <strong>login=*:password</strong> - Send the username to the upstream cache, but with a fixed password.<br/>
+ <strong>login=NEGOTIATE</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br>
+ <strong>login=NEGOTIATE:principal_name</strong> - If this is a personal/workgroup proxy and your parent requires a secure proxy authentication.<br/>
+ <strong>connection-auth=on</strong> - Peer does support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br/>
+ <strong>connection-auth=off</strong> - Peer does not support Microsoft connection oriented authentication, and any such challenges received from there should be ignored.<br/>
+ ]]>
+ </description>
<type>select</type>
<default_value>login=*:password</default_value>
<options>
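Review bot: The rewritten `authoption` description drops the security caveats the old text carried. The `login=PASS` entry no longer says that it exposes the users' proxy password to the peer, and both `login=NEGOTIATE` entries lose the warning that the peer connection may carry requests from multiple clients. A link to the upstream documentation is a weak substitute for a warning shown next to the selector, so I would keep one sentence on each, e.g. append `Warning: this exposes your users' proxy passwords to the peer.` to the `login=PASS` line. The `login=PASSTHRU` line likewise lost the remark that only Basic auth works through a proxy unless the connection-auth options are also used. Separately, the `login=NEGOTIATE` line still ends in `<br>` while every other line was converted to `<br/>`.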
diff --git a/config/squid3/34/squid_users.xml b/config/squid3/34/squid_users.xml
index 835cf07b..f67db48e 100755
--- a/config/squid3/34/squid_users.xml
+++ b/config/squid3/34/squid_users.xml
@@ -2,58 +2,53 @@
<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- Copyright (C) 2012-2014 Marcello Coutinho
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ squid_users.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2014 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>squidusers</name>
- <version>none</version>
+ <version>0.3.5</version>
<title>Proxy server: Local users</title>
<include_file>/usr/local/pkg/squid.inc</include_file>
<delete_string>A proxy server user has been deleted.</delete_string>
<addedit_string>A proxy server user has been created/modified.</addedit_string>
<tabs>
-<tab>
+ <tab>
<text>General</text>
<url>/pkg_edit.php?xml=squid.xml&amp;id=0</url>
</tab>
@@ -87,7 +82,7 @@
<active/>
</tab>
<tab>
- <text>Real time</text>
+ <text>Real Time</text>
<url>/squid_monitor.php</url>
</tab>
<tab>
diff --git a/config/squid3/34/swapstate_check.php b/config/squid3/34/swapstate_check.php
index 7a7ccd27..8b4c46bb 100644
--- a/config/squid3/34/swapstate_check.php
+++ b/config/squid3/34/swapstate_check.php
@@ -2,7 +2,9 @@
<?php
/*
swapstate_check.php
+ part of pfSense (https://www.pfSense.org/)
Copyright (C) 2011 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
All rights reserved.
Redistribution and use in source and binary forms, with or without
@@ -29,26 +31,44 @@
require_once('config.inc');
require_once('util.inc');
require_once('squid.inc');
+global $config;
- $settings = $config['installedpackages']['squidcache']['config'][0];
+$settings = $config['installedpackages']['squidcache']['config'][0];
// Only check the cache if Squid is actually caching.
// If there is no cache then quietly do nothing.
-if ($settings['harddisk_cache_system'] != "null"){
- $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
+if (isset($settings['harddisk_cache_system']) && $settings['harddisk_cache_system'] != "null") {
+ $cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache');
$swapstate = $cachedir . '/swap.state';
- if (!file_exists($swapstate))
+ if (!file_exists($swapstate)) {
return;
+ }
$disktotal = disk_total_space(dirname($cachedir));
$diskfree = disk_free_space(dirname($cachedir));
$diskusedpct = round((($disktotal - $diskfree) / $disktotal) * 100);
$swapstate_size = filesize($swapstate);
$swapstate_pct = round(($swapstate_size / $disktotal) * 100);
- // If the swap.state file is taking up more than 75% disk space,
- // or the drive is 90% full and swap.state is larger than 1GB,
- // kill it and initiate a rotate to write a fresh copy.
- if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024)) || $argv[1]=="clean") {
+ // If the swap.state file is taking up more than 75% of disk space,
+ // or the drive is 90% full and swap.state is larger than 1GB,
+ // kill it and initiate a rotate to write a fresh copy.
+ $rotate_reason = "";
+ if ($swapstate_pct > 75) {
+ $rotate_reason .= "$cachedir/swap.state file is taking up more than 75% of disk space. ";
+ }
+ if ($diskusedpct > 90) {
+ $rotate_reason .= "$cachedir filesystem is $diskusedpct pct full. ";
+ }
+ if ($swapstate_size > 1024*1024*1024) {
+ $rotate_reason .= "$cachedir/swap.state is larger than 1GB. ";
+ }
+ if ($settings['clear_cache'] == 'on') {
+ $rotate_reason .= "'Clear Cache on Log Rotate' is enabled in 'Local Cache' settings. ";
+ }
+ if ($argv[1] == "clean") {
+ $rotate_reason .= "Clear cache forced by cronjob. ";
+ }
+ if (($swapstate_pct > 75) || (($diskusedpct > 90) && ($swapstate_size > 1024*1024*1024)) || $argv[1] == "clean") {
squid_dash_z('clean');
- log_error(gettext(sprintf("Squid cache and/or swap.state exceeded size limits. Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct)));
+ log_error(gettext(sprintf("$rotate_reason Removing and rotating. File was %d bytes, %d%% of total disk space.", $swapstate_size, $swapstate_pct)));
}
}
?>
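Review bot: `$rotate_reason` is interpolated into the format string passed to `sprintf()`, and it contains `$cachedir`, which comes from the `harddisk_cache_location` setting. A `%` in that path would be parsed as a conversion specifier and break the log call. Pass the text as an argument instead: `sprintf("%s Removing and rotating. File was %d bytes, %d%% of total disk space.", $rotate_reason, $swapstate_size, $swapstate_pct)`. The reasons are also collected independently of the condition that triggers the clean, so the message can list causes that did not trigger it, such as 'Clear Cache on Log Rotate', which is not part of the final `if`. Finally, `$argv[1]` and `$settings['clear_cache']` are read without `isset()`, unlike `harddisk_cache_system` a few lines above.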
diff --git a/config/squidGuard-devel/squidguard_configurator.inc b/config/squidGuard-devel/squidguard_configurator.inc
index ff2b9f2c..8fdae6ce 100644
--- a/config/squidGuard-devel/squidguard_configurator.inc
+++ b/config/squidGuard-devel/squidguard_configurator.inc
@@ -1958,65 +1958,11 @@ function squidguard_cron_install()
global $squidguard_config;
$on_off = $squidguard_config[F_LOGROTATION] == 'on';
-
- $opt = "";
+ $cron_cmd = "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE;
if ($on_off) {
- $opt = array("0", "0", "*", "*", "*", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE);
- }
- squidguard_setup_cron("squidGuard_logrotate", $opt, $on_off);
-}
-
-# ------------------------------------------------------------------------------
-# squidguard_setup_cron
-# ------------------------------------------------------------------------------
-# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command'
-# ------------------------------------------------------------------------------
-function squidguard_setup_cron($task_key, $options, $on_off)
-{
- global $config;
- $cron_item = array();
-
- # $on_off = TRUE/FALSE - install/deinstall cron task:
- # prepare new cron item
- if (is_array($options)) {
- $cron_item['minute'] = $options[0];
- $cron_item['hour'] = $options[1];
- $cron_item['mday'] = $options[2];
- $cron_item['month'] = $options[3];
- $cron_item['wday'] = $options[4];
- $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
- $cron_item['command'] = $options[6];
- }
-
- # unset old cron task with $task_key
- if (!empty($task_key)) {
- $flag_cron_upd = false;
- # delete old cron task if exists
- if (is_array($config['cron']['item'])) {
- foreach($config['cron']['item'] as $key => $val) {
- if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) {
- unset($config['cron']['item'][$key]);
- $flag_cron_upd = true;
- break;
- }
- }
- }
-
- # set new cron task
- if (($on_off === true) and !empty($cron_item)) {
- $config['cron']['item'][] = $cron_item;
- $flag_cron_upd = true;
- }
-
- # write config and configure cron only if cron task modified
- if ($flag_cron_upd === true) {
- write_config("Installed cron task '$task_key' for 'squidGuard' package");
- configure_cron();
- }
- }
- else {
- # ! error $name !
- return;
+ install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root");
+ } else {
+ install_cron_job("{$cron_cmd}", false);
}
}
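Review bot: The two branches differ only in the active flag, so they can be a single call, `install_cron_job($cron_cmd, $on_off, "0", "0", "*", "*", "*", "root");`, and the `"{$cron_cmd}"` interpolation is redundant. The job still runs as root and executes the file named by `SQUIDGUARD_SCR_LOGROTATE`, which is defined outside this hunk; it is worth confirming that the script is owned by root and not writable by the proxy user. `squidguard_setup_cron()` is deleted here, so any remaining caller elsewhere in the file would now fail; none is visible in the hunk. The same change is made in config/squidGuard/squidguard_configurator.inc. The body of `squidguard_cron_install()` starts outside the hunk.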
diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc
index 99907451..50835610 100644
--- a/config/squidGuard/squidguard_configurator.inc
+++ b/config/squidGuard/squidguard_configurator.inc
@@ -1968,65 +1968,11 @@ function squidguard_cron_install()
global $squidguard_config;
$on_off = $squidguard_config[F_LOGROTATION] == 'on';
-
- $opt = "";
+ $cron_cmd = "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE;
if ($on_off) {
- $opt = array("0", "0", "*", "*", "*", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE);
- }
- squidguard_setup_cron("squidGuard_logrotate", $opt, $on_off);
-}
-
-# ------------------------------------------------------------------------------
-# squidguard_setup_cron
-# ------------------------------------------------------------------------------
-# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command'
-# ------------------------------------------------------------------------------
-function squidguard_setup_cron($task_key, $options, $on_off)
-{
- global $config;
- $cron_item = array();
-
- # $on_off = TRUE/FALSE - install/deinstall cron task:
- # prepare new cron item
- if (is_array($options)) {
- $cron_item['minute'] = $options[0];
- $cron_item['hour'] = $options[1];
- $cron_item['mday'] = $options[2];
- $cron_item['month'] = $options[3];
- $cron_item['wday'] = $options[4];
- $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody';
- $cron_item['command'] = $options[6];
- }
-
- # unset old cron task with $task_key
- if (!empty($task_key)) {
- $flag_cron_upd = false;
- # delete old cron task if exists
- if (is_array($config['cron']['item'])) {
- foreach($config['cron']['item'] as $key => $val) {
- if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) {
- unset($config['cron']['item'][$key]);
- $flag_cron_upd = true;
- break;
- }
- }
- }
-
- # set new cron task
- if (($on_off === true) and !empty($cron_item)) {
- $config['cron']['item'][] = $cron_item;
- $flag_cron_upd = true;
- }
-
- # write config and configure cron only if cron task modified
- if ($flag_cron_upd === true) {
- write_config("Installed cron task '$task_key' for 'squidGuard' package");
- configure_cron();
- }
- }
- else {
- # ! error $name !
- return;
+ install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root");
+ } else {
+ install_cron_job("{$cron_cmd}", false);
}
}
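Review bot: The two `install_cron_job()` calls in `squidguard_cron_install()` can be one, and the `"{$cron_cmd}"` interpolation around a plain string variable adds nothing. `install_cron_job($cron_cmd, $on_off, "0", "0", "*", "*", "*", "root");` should behave the same, assuming the schedule arguments are ignored when the job is being removed. Since the entry runs as root, a comment above `$cron_cmd` should state that the script behind `SQUIDGUARD_SCR_LOGROTATE` must be root-owned and not writable by the proxy user; the hunk does not show where that file is created. The same pair of calls closes the previous file's hunk.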
diff --git a/config/sshdcond/sshdcond.inc b/config/sshdcond/sshdcond.inc
index 12af3551..9c3a8bb9 100644
--- a/config/sshdcond/sshdcond.inc
+++ b/config/sshdcond/sshdcond.inc
@@ -39,36 +39,34 @@ function restart_sshd() {
function sshdcond_custom_php_install_command() {
global $g, $config;
- conf_mount_rw();
-
/* We need to generate an outfile for our extra commands.
The patched g_szSSHDFileGenerate php file then reads and appends that config.
*/
$fd = fopen("/etc/ssh/sshd_extra", 'w');
fclose($fd);
- conf_mount_ro();
}
function sshdcond_custom_php_deinstall_command() {
global $g, $config;
- conf_mount_rw();
-
/* Delete our config file. */
unlink_if_exists("/etc/ssh/sshd_extra");
/* Re-run sshd config generation script. */
restart_sshd();
- conf_mount_ro();
}
function sshdcond_custom_php_write_config() {
global $g, $config, $pkg_interface;
/* Detect boot process, do nothing during boot. */
- if (platform_booting()) {
+ if (function_exists("platform_booting")) {
+ if (platform_booting()) {
+ return;
+ }
+ } elseif ($g['booting']) {
return;
}
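Review bot: With `conf_mount_rw()` removed, `sshdcond_custom_php_install_command()` still passes the result of `fopen("/etc/ssh/sshd_extra", 'w')` straight to `fclose()` without checking it. The `$g['booting']` fallback added further down suggests older releases are still targeted, and on a read-only root the open would presumably fail and the install would carry on without the file. Guard it, for example `if (($fd = fopen("/etc/ssh/sshd_extra", 'w')) !== false) { fclose($fd); } else { log_error("sshdcond: cannot create /etc/ssh/sshd_extra"); }`. Because the existing comment says the generated sshd configuration appends this file, a line noting that it must stay root-owned and not group- or world-writable would help. `sshdcond_custom_php_write_config()` continues past the end of the hunk.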
diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc
index 4398a0dc..6dc17ef6 100644
--- a/config/stunnel/stunnel.inc
+++ b/config/stunnel/stunnel.inc
@@ -1,45 +1,73 @@
<?php
+/*
+ stunnel.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2007-2009 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+global $config;
+
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version == "2.1" || $pf_version == "2.2") {
define('STUNNEL_LOCALBASE', '/usr/pbi/stunnel-' . php_uname("m"));
} else {
- define('STUNNEL_LOCALBASE','/usr/local');
+ define('STUNNEL_LOCALBASE', '/usr/local');
}
define('STUNNEL_ETCDIR', STUNNEL_LOCALBASE . "/etc/stunnel");
-if(!isset($_GET['id']) and !isset($_POST['id'])) {
- if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
- $savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
+if (!isset($_GET['id']) and !isset($_POST['id'])) {
+ if ($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) {
+ $savemsg = $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'];
unset($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']);
write_config();
}
-
}
-if(isset($_GET['id'])) {
- $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']=
+if (isset($_GET['id'])) {
+ $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain'] =
base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']);
- $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']=
+ $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key'] =
base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']);
}
-$certs=$config['installedpackages']['stunnelcerts']['config'];
-is_array($certs) ? $num_certs=count($certs) : $num_certs=0;
-if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
- for ($i=0;$i<$num_certs;$i++) {
- $cert=$certs[$i];
- $_info=openssl_x509_parse(base64_decode($cert['cert_chain']));
- $valid=floor(($_info['validTo_time_t']-time())/86400);
- if($cert['cert_chain']) {
- if(!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) {
- $_status='<font color="#AA0000"><b>Invalid key/cert!</b></font>';
- } elseif($valid<30) {
- $_status='<font color="#B27D4B">Expires in '.$valid.' days!</font>';
+$certs = $config['installedpackages']['stunnelcerts']['config'];
+is_array($certs) ? $num_certs = count($certs) : $num_certs = 0;
+if (!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
+ for ($i = 0; $i < $num_certs; $i++) {
+ $cert = $certs[$i];
+ $_info = openssl_x509_parse(base64_decode($cert['cert_chain']));
+ $valid = floor(($_info['validTo_time_t'] - time()) / 86400);
+ if ($cert['cert_chain']) {
+ if (!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) {
+ $_status = '<font color="#AA0000"><strong>Invalid key/cert!</strong></font>';
+ } elseif ($valid < 30) {
+ $_status = '<font color="#B27D4B">Expires in ' . $valid . ' days!</font>';
} else {
- $_status='<font color="#008800">OK ('.$valid.' days)</font>';
+ $_status = '<font color="#008800">OK (' . $valid . ' days)</font>';
}
- $config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status;
+ $config['installedpackages']['stunnelcerts']['config'][$i]['status'] = $_status;
} else {
unset($config['installedpackages']['stunnelcerts']['config'][$i]);
}
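Review bot: `$_GET['id']` is used as an array index in the `cert_chain`/`cert_key` decode branch without any validation, so a non-numeric or out-of-range value creates a new element under `$config['installedpackages']['stunnelcerts']['config']`. Whether that element is later persisted depends on callers outside this hunk. Restrict the branch to existing indexes: `if (isset($_GET['id']) && ctype_digit((string)$_GET['id']) && isset($config['installedpackages']['stunnelcerts']['config'][$_GET['id']])) {`. The decoded private key then sits in `$config` for the rest of the request, which deserves a short comment so nobody adds a `write_config()` on this path. The `for` loop over `$certs` is closed outside this hunk.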
@@ -47,18 +75,19 @@ if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) {
}
-$tunnels=$config['installedpackages']['stunnel']['config'];
-is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0;
-if(!isset($_GET['id']) and $num_tunnels) {
- for ($i=0;$i<$num_tunnels;$i++) {
- $tunnel=$tunnels[$i];
- if($tunnel['certificate']) {
- $certid=0;
- if(is_array($config['installedpackages']['stunnelcerts']['config'])) {
- foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) {
- if($tunnel['certificate']==$cert['filename'])
+$tunnels = $config['installedpackages']['stunnel']['config'];
+is_array($tunnels) ? $num_tunnels = count($tunnels) : $num_tunnels = 0;
+if (!isset($_GET['id']) and $num_tunnels) {
+ for ($i = 0; $i < $num_tunnels; $i++) {
+ $tunnel = $tunnels[$i];
+ if ($tunnel['certificate']) {
+ $certid = 0;
+ if (is_array($config['installedpackages']['stunnelcerts']['config'])) {
+ foreach ($config['installedpackages']['stunnelcerts']['config'] as $cert) {
+ if ($tunnel['certificate'] == $cert['filename']) {
$config['installedpackages']['stunnel']['config'][$i]['certificatelink']=
- '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id='.$certid.'">'.$cert['description'].'</a>';
+ '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id=' . $certid . '">' . $cert['description'] . '</a>';
+ }
$certid++;
}
}
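Review bot: `$cert['description']` is concatenated into the `certificatelink` anchor as raw HTML, so a description containing markup is rendered as markup in the tunnels list; wrap it as `htmlspecialchars($cert['description'])`. The same field, together with `$cert['filename']`, is echoed into single-quoted JavaScript strings in the `addcerts()` hunk below (`new Option('...', '...')`), where a quote in the description breaks out of the string. There, `json_encode()` on both values, without the surrounding quotes, is the safe form. The assignment line also keeps `['certificatelink']=` without the spacing the rest of the commit applies.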
@@ -67,7 +96,7 @@ if(!isset($_GET['id']) and $num_tunnels) {
}
function stunnel_printcsr() {
-# $GLOBALS['savemsg']="<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "</pre>";
+// $GLOBALS['savemsg'] = "<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'], true) . "</pre>";
}
function stunnel_addcerts($config) {
@@ -75,13 +104,14 @@ function stunnel_addcerts($config) {
$tunnels=$config['installedpackages']['stunnel']['config'];
?>
<script type="text/javascript">
+ //<![CDATA[
function addcerts() {
<?php
-
- foreach($certs as $cert) {
+
+ foreach ($certs as $cert) {
echo("document.forms['iform'].certificate.appendChild(new Option('".$cert['description']."', '".$cert['filename']."'));");
}
-
+
?>
}
addcerts();
@@ -93,9 +123,9 @@ function stunnel_addcerts($config) {
document.forms['iform'].certificate[i].selected = true;
} else {
document.forms['iform'].certificate[i].selected = false;
- }
+ }
}
-
+ //]]>
</script>
<?php
}
@@ -103,105 +133,103 @@ function stunnel_addcerts($config) {
function stunnel_disablefields() {
?>
<script type="text/javascript">
+ //<![CDATA[
document.forms['iform'].subject.readOnly=true;
document.forms['iform'].filename.readOnly=true;
document.forms['iform'].expiry.readOnly=true;
+ //]]>
</script>
<?php
}
function stunnel_delete($config) {
$cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']];
- if(isset($_GET['id'])) {
- unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'pem');
- unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'key');
- unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'chain');
+ if (isset($_GET['id'])) {
+ unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.pem');
+ unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.key');
+ unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.chain');
}
}
function stunnel_save($config) {
- $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = '';
conf_mount_rw();
- if (!file_exists(STUNNEL_ETCDIR))
- @mkdir(STUNNEL_ETCDIR, 0755, true);
- $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+ safe_mkdir(STUNNEL_ETCDIR, 0755);
+ $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w");
fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
fwrite($fout, "chroot = /var/tmp/stunnel \n");
fwrite($fout, "setuid = stunnel \n");
fwrite($fout, "setgid = stunnel \n");
- if(!is_array($config['installedpackages']['stunnel']['config'])) { $config['installedpackages']['stunnel']['config']=Array(); }
- foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ if (!is_array($config['installedpackages']['stunnel']['config'])) {
+ $config['installedpackages']['stunnel']['config'] = array();
+ }
+ foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
- if($pkgconfig['client']) fwrite($fout, "client = yes" . "\n");
- if($pkgconfig['certificate']) {
- if(file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and
- file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) {
+ if ($pkgconfig['client']) {
+ fwrite($fout, "client = yes" . "\n");
+ }
+ if ($pkgconfig['certificate']) {
+ if (file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) {
fwrite($fout, "key = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".key\n");
fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".chain\n");
}
}
- if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ if ($pkgconfig['sourceip']) {
+ fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ }
fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
fwrite($fout, "TIMEOUTclose = 0\n\n");
}
fclose($fout);
conf_mount_ro();
- system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null");
- system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null");
+ stop_service("stunnel");
+ start_service("stunnel");
}
+
function stunnel_save_cert($config) {
- $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']='';
- if(isset($_POST['id'])) {
-# echo "<pre>";
-# print_r($_POST);
-# echo "</pre>";
-
- if(!$_POST['cert_chain']) {
- $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!<br>";
- } if(!$_POST['cert_key']) {
- $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!<br>";
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = '';
+ if (isset($_POST['id'])) {
+ if (!$_POST['cert_chain']) {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate chain must be specified!<br />";
+ }
+ if (!$_POST['cert_key']) {
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "RSA Key must be specified!<br />";
}
- if($_POST['cert_chain'] and $_POST['cert_key']) {
- $_cert=openssl_x509_parse($_POST['cert_chain']);
-# echo("<pre>");
-# print_r($_cert);
-# echo("</pre>");
- if($_cert['hash']) {
- if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
- file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key',
- $_POST['cert_key']);
- file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain',
- $_POST['cert_chain']);
- file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem',
- $_POST['cert_key']."\n".$_POST['cert_chain']);
+ if ($_POST['cert_chain'] and $_POST['cert_key']) {
+ $_cert = openssl_x509_parse($_POST['cert_chain']);
+ if ($_cert['hash']) {
+ if (openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) {
+ file_put_contents(STUNNEL_ETCDIR . '/'. $_cert['hash'] . '.key', $_POST['cert_key']);
+ file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.chain', $_POST['cert_chain']);
+ file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', $_POST['cert_key']."\n".$_POST['cert_chain']);
system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*');
- chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600);
- chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600);
+ chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.key', 0600);
+ chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', 0600);
- $_POST['filename']=$_cert['hash'];
- $_POST['expiry_raw']=$_cert['validTo_time_t'];
- $_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']);
- $_POST['subject']=$_cert['name'];
+ $_POST['filename'] = $_cert['hash'];
+ $_POST['expiry_raw'] = $_cert['validTo_time_t'];
+ $_POST['expiry'] = date('Y-m-d', $_cert['validTo_time_t']);
+ $_POST['subject'] = $_cert['name'];
} else {
- $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!<br>";
- $_POST['filename']='';
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate and key do not match!<br />";
+ $_POST['filename'] = '';
}
} else {
- $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!<br>";
- $_POST['expiry_raw']='';
- $_POST['expiry']='';
- $_POST['subject']='';
- $_POST['filename']='';
+ $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Couldn't parse certificate!<br />";
+ $_POST['expiry_raw'] = '';
+ $_POST['expiry'] = '';
+ $_POST['subject'] = '';
+ $_POST['filename'] = '';
}
}
- $_POST['cert_key']=base64_encode($_POST['cert_key']);
- $_POST['cert_chain']=base64_encode($_POST['cert_chain']);
- $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
- if($_fname and $_fname!=$_POST['filename']) {
- unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain');
- unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key');
- unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem');
+ $_POST['cert_key'] = base64_encode($_POST['cert_key']);
+ $_POST['cert_chain'] = base64_encode($_POST['cert_chain']);
+ $_fname = $GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename'];
+ if ($_fname and $_fname != $_POST['filename']) {
+ unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.chain');
+ unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.key');
+ unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.pem');
}
}
}
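Review bot: In `stunnel_save_cert()` the private key is written with `file_put_contents()` to the `.key` and `.pem` files and only tightened to 0600 by the `chmod()` calls after the `chown`, so between the write and the chmod the files carry whatever mode the process umask allows. Set the mask around the writes: `$old_umask = umask(0077);` before the first `file_put_contents()` and `umask($old_umask);` after the last one. The return values of the three writes are also ignored, so a failed write still records `$_cert['hash']` as the stored filename. In `stunnel_delete()`, `$cert` is looked up with `$_GET['id']` one line before the `isset($_GET['id'])` check that is meant to guard it.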
@@ -212,35 +240,34 @@ function stunnel_install() {
chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600);
@mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true);
system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
- $_rcfile['file']='stunnel.sh';
- $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
- $_rcfile['stop'].="killall stunnel \n\t";
+ $_rcfile['file'] = 'stunnel.sh';
+ $_rcfile['start'] = STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t";
+ $_rcfile['stop'] = "/usr/bin/killall stunnel \n\t";
write_rcfile($_rcfile);
unlink_if_exists("/usr/local/etc/rc.d/stunnel");
-
- conf_mount_rw();
- $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w");
+
+ $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w");
fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n");
fwrite($fout, "chroot = /var/tmp/stunnel \n");
fwrite($fout, "setuid = stunnel \n");
fwrite($fout, "setgid = stunnel \n");
- if($config['installedpackages']['stunnel']['config']) {
- foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ if ($config['installedpackages']['stunnel']['config']) {
+ foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
- if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ if ($pkgconfig['sourceip']) {
+ fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ }
fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
fwrite($fout, "TIMEOUTclose = 0\n\n");
}
}
fclose($fout);
- conf_mount_ro();
}
function stunnel_deinstall() {
rmdir_recursive("/var/tmp/stunnel");
rmdir_recursive(STUNNEL_ETCDIR);
- unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh");
}
?>
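Review bot: The `stunnel.conf` writer at the end of `stunnel_install()` duplicates the loop in `stunnel_save()` but omits the `client = yes` line and the per-tunnel `key =`/`cert =` lines. As far as this hunk shows, a reinstall therefore writes every tunnel as a server using the default `stunnel.pem` until the next save. Add `if ($pkgconfig['client']) { fwrite($fout, "client = yes" . "\n"); }` and the certificate block from `stunnel_save()` here, or move the section writer into one helper that both functions call. The `fopen()` result is still unchecked after `conf_mount_rw()` was dropped from this function. `stunnel_install()` begins before this hunk.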
diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml
index bb66d196..c8957ba8 100644
--- a/config/stunnel/stunnel.xml
+++ b/config/stunnel/stunnel.xml
@@ -1,71 +1,68 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- stunnel.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ stunnel.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2007-2008 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Describe your package here</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>stunnel</name>
- <version>4.18</version>
+ <version>5.20.2</version>
<title>Services: Secure Tunnel</title>
- <!-- Menu is where this packages menu will appear -->
<menu>
<name>STunnel</name>
- <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext>
+ <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server.
+ It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code.
+ It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.
+ It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext>
<section>Services</section>
<configfile>stunnel.xml</configfile>
</menu>
-
+ <include_file>/usr/local/pkg/stunnel.inc</include_file>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item>
</additional_files_needed>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
<configpath>['installedpackages']['package']['$packagename']['configuration']</configpath>
-
<tabs>
<tab>
<text>Tunnels</text>
@@ -77,9 +74,11 @@
<url>/pkg.php?xml=stunnel_certs.xml</url>
</tab>
</tabs>
-
- <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit
- items. An example of this would be the nat page where you add new nat redirects -->
+ <service>
+ <name>stunnel</name>
+ <rcfile>stunnel.sh</rcfile>
+ <executable>stunnel</executable>
+ </service>
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Description</fielddescr>
@@ -106,8 +105,6 @@
<fieldname>redirectport</fieldname>
</columnitem>
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>Description</fielddescr>
@@ -118,7 +115,7 @@
<field>
<fielddescr>Client Mode</fielddescr>
<fieldname>client</fieldname>
- <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server)</description>
+ <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server).</description>
<type>checkbox</type>
</field>
<field>
@@ -128,7 +125,7 @@
<type>input</type>
</field>
<field>
- <fielddescr>Listen on port</fielddescr>
+ <fielddescr>Listen on Port</fielddescr>
<fieldname>localport</fieldname>
<description>Enter the local port to bind this redirection to.</description>
<type>input</type>
@@ -156,18 +153,12 @@
<type>input</type>
</field>
<field>
- <fielddescr>Outgoing source IP</fielddescr>
+ <fielddescr>Outgoing Source IP</fielddescr>
<fieldname>sourceip</fieldname>
<description>Enter the source IP address for outgoing connections.</description>
<type>input</type>
</field>
</fields>
- <service>
- <name>stunnel</name>
- <rcfile>stunnel.sh</rcfile>
- <executable>stunnel</executable>
- </service>
- <include_file>/usr/local/pkg/stunnel.inc</include_file>
<custom_add_php_command_late>
stunnel_save($config);
</custom_add_php_command_late>
diff --git a/config/stunnel/stunnel_certs.xml b/config/stunnel/stunnel_certs.xml
index 5ea07328..ce1dcf52 100644
--- a/config/stunnel/stunnel_certs.xml
+++ b/config/stunnel/stunnel_certs.xml
@@ -1,53 +1,51 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- stunnel.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2009 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ stunnel_certs.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2007-2009 Scott Ullrich
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>Stunnel certificates</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>stunnelcerts</name>
- <version>4.18</version>
+ <version>5.20.2</version>
<title>Services: Secure Tunnel - Certificates</title>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
+ <include_file>/usr/local/pkg/stunnel.inc</include_file>
<configpath>['installedpackages']['package']['$packagename']['configuration']</configpath>
-
<tabs>
<tab>
<text>Tunnels</text>
@@ -59,9 +57,6 @@
<active/>
</tab>
</tabs>
-
- <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit
- items. An example of this would be the nat page where you add new nat redirects -->
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Description</fielddescr>
@@ -79,55 +74,59 @@
<fielddescr>Status</fielddescr>
<fieldname>status</fieldname>
</columnitem>
-
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description>Enter a (short) description for this certificate</description>
+ <description>Enter a (short) description for this certificate.</description>
<type>input</type>
</field>
<field>
- <fielddescr>Certificate filename</fielddescr>
+ <fielddescr>Certificate Filename</fielddescr>
<fieldname>filename</fieldname>
<description>File name of certificate (read-only; updated on save). Extensions (.pem, .chain, .key) are added automatically.</description>
<type>input</type>
</field>
<field>
- <fielddescr>Certificate subject</fielddescr>
+ <fielddescr>Certificate Subject</fielddescr>
<fieldname>subject</fieldname>
<description>Certificate subject (read-only; updated on save)</description>
<type>input</type>
<size>50</size>
</field>
<field>
- <fielddescr>Certificate valid until</fielddescr>
+ <fielddescr>Certificate Valid Until</fielddescr>
<fieldname>expiry</fieldname>
<description>The certificate will expire on this date, and will no longer work.</description>
<type>input</type>
</field>
<field>
- <fielddescr>RSA private key</fielddescr>
+ <fielddescr>RSA Private Key</fielddescr>
<fieldname>cert_key</fieldname>
- <description>RSA private key used for certificate. Do not change for existing certificates!&lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ RSA private key used for certificate. Do not change for existing certificates!<br />
+ ]]>
+ </description>
<type>textarea</type>
<rows>7</rows>
- <cols>65</cols>
+ <cols>70</cols>
</field>
<field>
- <fielddescr>Certificate chain</fielddescr>
+ <fielddescr>Certificate Chain</fielddescr>
<fieldname>cert_chain</fieldname>
- <description>Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.&lt;br&gt;
- &lt;b&gt;Full chain required for private or EV certificates!&lt;/b&gt;</description>
+ <description>
+ <![CDATA[
+ Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.<br />
+ <strong>Full chain required for private or EV certificates!</strong>
+ ]]>
+ </description>
<type>textarea</type>
<rows>7</rows>
- <cols>65</cols>
+ <cols>70</cols>
</field>
</fields>
- <include_file>/usr/local/pkg/stunnel.inc</include_file>
<custom_add_php_command>
stunnel_save_cert($config);
stunnel_save($config);
diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc
index f0c17ff1..41fce416 100644
--- a/config/syslog-ng/syslog-ng.inc
+++ b/config/syslog-ng/syslog-ng.inc
@@ -52,28 +52,25 @@ function syslogng_get_real_interface_address($interface) {
}
function syslogng_install_command() {
- conf_mount_rw();
if (is_link("/usr/local/lib/syslog-ng")) {
unlink("/usr/local/lib/syslog-ng");
}
if (!file_exists("/usr/local/lib/syslog-ng")) {
@symlink(SYSLOGNG_BASEDIR . "local/lib/syslog-ng", "/usr/local/lib/syslog-ng");
}
- syslogng_install_cron(true);
- conf_mount_ro();
+ $crontask = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf";
+ install_cron_job("${crontask}", true, "0");
syslogng_resync();
}
function syslogng_deinstall_command() {
- conf_mount_rw();
- service_stop("syslog-ng");
- unlink_if_exists("/usr/local/etc/rc.d/syslog-ng.sh");
- if (is_link("/usr/local/lib/syslog-ng"))
+ if (is_link("/usr/local/lib/syslog-ng")) {
unlink("/usr/local/lib/syslog-ng");
- syslogng_install_cron(false);
+ }
+ $crontask = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf";
+ install_cron_job("${crontask}", false);
unlink_if_exists("/usr/local/etc/logrotate.conf");
unlink_if_exists("/usr/local/etc/syslog-ng.conf");
- conf_mount_ro();
filter_configure();
}
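Review bot: The logrotate command line is now built twice, once in syslogng_install_command() and once in syslogng_deinstall_command(), and removal only works while the two strings stay identical. install_cron_job() is not shown here; if it locates the job by its command text, a later edit to one copy would leave the hourly job installed after the package is removed. A single definition such as `define('SYSLOGNG_ROTATE_CMD', "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf");` used by both calls avoids that, and the variable can be passed directly as `install_cron_job($crontask, true, "0");` instead of `"${crontask}"`. The deinstall path also no longer calls `service_stop("syslog-ng")`, so it is worth confirming that the package framework stops the daemon before syslog-ng.conf and logrotate.conf are unlinked.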
@@ -143,62 +140,6 @@ function syslogng_validate_advanced($post, &$input_errors) {
}
}
-function syslogng_install_cron($should_install) {
- global $config;
-
- if (platform_booting()) {
- return;
- }
-
- if (!$config['cron']['item']) {
- return;
- }
-
- $x=0;
- $rotate_job_id=-1;
- $rotate_is_installed = false;
-
- foreach ($config['cron']['item'] as $item) {
- if (strstr($item['task_name'], "syslogng_rotate_logs")) {
- $rotate_job_id = $x;
- }
- $x++;
- }
- $need_write = false;
- switch ($should_install) {
- case true:
- if ($rotate_job_id < 0) {
- $cron_item = array();
- $cron_item['task_name'] = "syslogng_rotate_logs";
- $cron_item['minute'] = "0";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf";
- $config['cron']['item'][] = $cron_item;
- $need_write = true;
- }
- if ($need_write) {
- parse_config(true);
- write_config("Adding syslog-ng Cron Jobs");
- }
- break;
- case false:
- if ($rotate_job_id >= 0) {
- unset($config['cron']['item'][$rotate_job_id]);
- $need_write = true;
- }
- if ($need_write) {
- parse_config(true);
- write_config("Removing syslog-ng Cron Jobs");
- }
- break;
- }
- configure_cron();
-}
-
function syslogng_build_default_objects($settings) {
$default_objects = array();
diff --git a/config/systempatches/patches.inc b/config/systempatches/patches.inc
index 0aa37fb8..2298e170 100644
--- a/config/systempatches/patches.inc
+++ b/config/systempatches/patches.inc
@@ -94,6 +94,12 @@ function patch_fetch(& $patch) {
return false;
} else {
$patch['patch'] = base64_encode($text);
+ // Detect pfSense move from / to /src and fix pathstrip
+ if (is_github_url($patch['location']) &&
+ $patch['pathstrip'] == 1 &&
+ preg_match('/\n--- a\/src\//', $text)) {
+ $patch['pathstrip'] = 2;
+ }
write_config("Fetched patch {$patch['descr']}");
return true;
}
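Review bot: The new check in patch_fetch() rewrites the user-configured `pathstrip` from 1 to 2 without recording that it did so, and it decides from a single `--- a/src/` match anywhere in the fetched text. A patch that touches files both under src/ and outside it would then be applied with the wrong strip level for some of its files, while the config history shows only the unchanged "Fetched patch ..." message. I would name the adjustment on that branch, e.g. `write_config("Fetched patch {$patch['descr']} (pathstrip adjusted to 2)");`, and add a comment that the regex needs a preceding newline, so a header on the very first line of the text is not detected. patch_fetch() begins and ends outside this hunk.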
diff --git a/config/systempatches/systempatches.xml b/config/systempatches/systempatches.xml
index 06f024a8..61f3df84 100644
--- a/config/systempatches/systempatches.xml
+++ b/config/systempatches/systempatches.xml
@@ -43,7 +43,7 @@
</copyright>
<description>System Patches applies patches supplied by the user to the firewall.</description>
<name>System Patches</name>
- <version>1.0.5</version>
+ <version>1.0.6</version>
<title>System: Patches</title>
<include_file>/usr/local/pkg/patches.inc</include_file>
<menu>
diff --git a/config/tftp2/tftp.inc b/config/tftp2/tftp.inc
index a2b7d1e3..67054619 100644
--- a/config/tftp2/tftp.inc
+++ b/config/tftp2/tftp.inc
@@ -45,7 +45,6 @@ function tftp_install_command() {
$tftpbackup = "/root/backup/tftp.bak.tgz";
// Create the directories if required
- conf_mount_rw();
safe_mkdir("{$tftpdir}", 0777);
safe_mkdir("/root/backup/");
@@ -55,14 +54,11 @@ function tftp_install_command() {
system("/bin/chmod -R 0744 {$tftpdir}/*");
unset($tftpbackup);
}
- conf_mount_ro();
}
function tftp_deinstall_command() {
- conf_mount_rw();
unlink_if_exists("/usr/local/etc/rc.d/tftp.sh");
unlink_if_exists("/tmp/pkg_mgr_tftp.log");
- conf_mount_ro();
}
function tftp_generate_rules($type) {
diff --git a/config/tinc/pkg_tinc.inc b/config/tinc/pkg_tinc.inc
index b5b223b0..1ec4ebc0 100644
--- a/config/tinc/pkg_tinc.inc
+++ b/config/tinc/pkg_tinc.inc
@@ -3,7 +3,7 @@
global $shortcuts;
$shortcuts['tinc'] = array();
-$shortcuts['tinc']['main'] = "pkg_edit.php?xml=tinc_config.xml";
+$shortcuts['tinc']['main'] = "pkg_edit.php?xml=tinc.xml";
$shortcuts['tinc']['status'] = "status_tinc.php";
$shortcuts['tinc']['log'] = "diag_pkglogs.php?pkg=tinc";
$shortcuts['tinc']['service'] = "tinc";
diff --git a/config/tinc/status_tinc.php b/config/tinc/status_tinc.php
index f50ea640..59a1cb6e 100644
--- a/config/tinc/status_tinc.php
+++ b/config/tinc/status_tinc.php
@@ -1,88 +1,107 @@
<?php
+/*
+ status_tinc.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
-$pgtitle = array(gettext("Status"), "tinc");
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require("guiconfig.inc");
-function tinc_status_1() {
- exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1");
+function tinc_status_usr1() {
+ exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR1");
usleep(500000);
- $clog_path = "";
+ $clog_path = "/usr/local/sbin/clog";
$result = array();
- if (is_executable("/usr/local/sbin/clog")) {
- $clog_path = "/usr/local/sbin/clog";
- } elseif (is_executable("/usr/sbin/clog")) {
- $clog_path = "/usr/sbin/clog";
- }
- if (!empty($clog_path))
- exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
- $i=0;
- foreach($result as $line)
- {
- if(preg_match("/Connections:/",$line))
- $begin=$i;
- if(preg_match("/End of connections./",$line))
- $end=$i;
+ exec("{$clog_path} /var/log/tinc.log | /usr/bin/sed -e 's/.*tinc\[.*\]: //'", $result);
+ $i = 0;
+ foreach ($result as $line) {
+ if (preg_match("/Connections:/", $line)) {
+ $begin = $i;
+ }
+ if (preg_match("/End of connections./", $line)) {
+ $end = $i;
+ }
$i++;
}
- $output="";
- $i=0;
- foreach($result as $line)
- {
- if($i >= $begin && $i<= $end)
+ $output = "";
+ $i = 0;
+ foreach ($result as $line) {
+ if ($i >= $begin && $i<= $end) {
$output .= $line . "\n";
+ }
$i++;
}
return $output;
}
-function tinc_status_2() {
- exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2");
+function tinc_status_usr2() {
+ exec("/usr/local/sbin/tincd --config=/usr/local/etc/tinc -kUSR2");
usleep(500000);
- $clog_path = "";
+ $clog_path = "/usr/local/sbin/clog";
$result = array();
- if (is_executable("/usr/local/sbin/clog")) {
- $clog_path = "/usr/local/sbin/clog";
- } elseif (is_executable("/usr/sbin/clog")) {
- $clog_path = "/usr/sbin/clog";
- }
- if (!empty($clog_path))
- exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
- $i=0;
- foreach($result as $line)
- {
- if(preg_match("/Statistics for Generic BSD tun device/",$line))
- $begin=$i;
- if(preg_match("/End of subnet list./",$line))
- $end=$i;
+ exec("{$clog_path} /var/log/tinc.log | sed -e 's/.*tinc\[.*\]: //'",$result);
+ $i = 0;
+ foreach ($result as $line) {
+ if (preg_match("/Statistics for Generic BSD tun device/",$line)) {
+ $begin = $i;
+ }
+ if (preg_match("/End of subnet list./",$line)) {
+ $end = $i;
+ }
$i++;
}
$output="";
- $i=0;
- foreach($result as $line)
- {
- if($i >= $begin && $i<= $end)
+ $i = 0;
+ foreach ($result as $line) {
+ if ($i >= $begin && $i<= $end) {
$output .= $line . "\n";
+ }
$i++;
}
return $output;
}
$shortcut_section = "tinc";
-include("head.inc"); ?>
+$pgtitle = array(gettext("Status"), "tinc");
+include("head.inc");
+?>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC" onload="<?=$jsevents["body"]["onload"];?>">
<?php include("fbegin.inc"); ?>
-Connection list:<BR>
+<strong>Connection list:</strong><br />
<pre>
-<?php print tinc_status_1(); ?>
+<?php print tinc_status_usr1(); ?>
</pre>
-<BR>
-Virtual network device statistics, all known nodes, edges and subnets:<BR>
+<br />
+<strong>Virtual network device statistics, all known nodes, edges and subnets:</strong><br />
<pre>
-<?php print tinc_status_2(); ?>
+<?php print tinc_status_usr2(); ?>
</pre>
<?php include("fend.inc"); ?>
+</body>
+</html>
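Review bot: Both `<pre>` blocks print the return value of tinc_status_usr1() and tinc_status_usr2() straight into the page, and that text comes from /var/log/tinc.log without HTML escaping. Log lines may carry names and addresses reported by other nodes, so any markup in them would be rendered in the administrator's browser; `<?php print htmlspecialchars(tinc_status_usr1()); ?>` and the same for usr2 closes that. Separately, `$begin` and `$end` are never initialised in either function, so when the markers are missing from the log the range test runs on undefined variables; `$begin = $end = -1;` before the first loop makes the function return an empty string in that case. tinc_status_usr2() also still calls bare `sed` where usr1 now uses `/usr/bin/sed`.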
diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc
index 82d5b453..81e506b4 100644
--- a/config/tinc/tinc.inc
+++ b/config/tinc/tinc.inc
@@ -1,204 +1,255 @@
<?php
-
+/*
+ tinc.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/* include_once('guiconfig.inc'); is needed for clear_log_file() during package installation while booting.
+ * However, guiconfig.inc includes authgui.inc which requires a valid php session_auth() and exits when not found.
+ * So we include the function here.
+*/
if (!function_exists('clear_log_file')) {
-//include_once('guiconfig.inc'); // needed for clear_log_file() during package installation while booting
-//however guiconfig.inc includes authgui.inc which requires a valid php session_auth(), and exits when not found..
-//so include the function here..
+
function clear_log_file($logfile = "/var/log/system.log", $restart_syslogd = true) {
global $config, $g;
- if ($restart_syslogd)
+ if ($restart_syslogd) {
exec("/usr/bin/killall syslogd");
- if(isset($config['system']['disablesyslogclog'])) {
+ }
+ if (isset($config['system']['disablesyslogclog'])) {
unlink($logfile);
touch($logfile);
} else {
$log_size = isset($config['syslog']['logfilesize']) ? $config['syslog']['logfilesize'] : "511488";
- if(isset($config['system']['usefifolog']))
+ if (isset($config['system']['usefifolog'])) {
exec("/usr/sbin/fifolog_create -s {$log_size} " . escapeshellarg($logfile));
- else
+ } else {
exec("/usr/local/sbin/clog -i -s {$log_size} " . escapeshellarg($logfile));
+ }
}
- if ($restart_syslogd)
+ if ($restart_syslogd) {
system_syslogd_start();
+ }
}
}
function tinc_save() {
- global $config;
+ global $config, $configpath;
+ $configpath = '/usr/local/etc/tinc/';
+
conf_mount_rw();
- exec("/bin/mv -f /usr/local/etc/tinc /usr/local/etc/tinc.old");
- safe_mkdir("/usr/local/etc/tinc");
- safe_mkdir("/usr/local/etc/tinc/hosts");
- exec("touch /usr/local/etc/tinc/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
+
+ rename("{$configpath}", "{$configpath}.old");
+ safe_mkdir("{$configpath}");
+ safe_mkdir("{$configpath}/hosts");
+ touch("{$configpath}/WARNING-ENTIRE_DIRECTORY_ERASED_ON_SAVE_FROM_GUI");
$tincconf = &$config['installedpackages']['tinc']['config'][0];
- $fout = fopen("/usr/local/etc/tinc/tinc.conf","w");
+ $fout = fopen("{$configpath}/tinc.conf", "w");
// No proper config, bail out.
- if (!isset($tincconf['name']) || empty($tincconf['name']))
+ if (!isset($tincconf['name']) || empty($tincconf['name'])) {
+ log_error("[tinc] Cannot configure (name not set). Check your configuration.");
return;
+ }
- fwrite($fout, "name=".$tincconf['name']."\n");
- fwrite($fout, "AddressFamily=".$tincconf['addressfamily']."\n");
- if(!is_array($config['installedpackages']['tinchosts']['config'])) { $config['installedpackages']['tinchosts']['config']=Array(); }
- foreach($config['installedpackages']['tinchosts']['config'] as $host) {
- if($host['connect'])
- {
+ fwrite($fout, "name=" . $tincconf['name'] . "\n");
+ fwrite($fout, "AddressFamily=" . $tincconf['addressfamily'] . "\n");
+ if (!is_array($config['installedpackages']['tinchosts']['config'])) {
+ $config['installedpackages']['tinchosts']['config']= array();
+ }
+ foreach ($config['installedpackages']['tinchosts']['config'] as $host) {
+ if($host['connect']) {
fwrite($fout, "ConnectTo=" . $host['name'] . "\n");
}
-
- $_output = "Address=".$host['address']."\n";
- $_output .= "Subnet=".$host['subnet']."\n";
- $_output .= base64_decode($host['extra'])."\n";
- $_output .= base64_decode($host['cert_pub'])."\n";
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'],$_output);
- if($host['host_up'])
- {
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-up',str_replace("\r", "", base64_decode($host['host_up']))."\n");
- chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-up', 0744);
+
+ $_output = "Address=" . $host['address'] . "\n";
+ $_output .= "Subnet=" . $host['subnet'] . "\n";
+ $_output .= base64_decode($host['extra']) . "\n";
+ $_output .= base64_decode($host['cert_pub']) . "\n";
+ file_put_contents("{$configpath}/hosts/" . $host['name'], $_output);
+ if ($host['host_up']) {
+ file_put_contents("{$configpath}/hosts/" . $host['name'] . '-up', str_replace("\r", "", base64_decode($host['host_up'])) . "\n");
+ chmod("{$configpath}/hosts/" . $host['name'] . '-up', 0744);
}
- if($host['host_down'])
- {
- file_put_contents('/usr/local/etc/tinc/hosts/'.$host['name'].'-down',str_replace("\r", "", base64_decode($host['host_down']))."\n");
- chmod('/usr/local/etc/tinc/hosts/'.$host['name'].'-down', 0744);
+ if ($host['host_down']) {
+ file_put_contents("{$configpath}/hosts/" . $host['name'] . '-down', str_replace("\r", "", base64_decode($host['host_down'])) . "\n");
+ chmod("{$configpath}/hosts/" . $host['name'] . '-down', 0744);
}
}
- fwrite($fout, base64_decode($tincconf['extra'])."\n");
+ fwrite($fout, base64_decode($tincconf['extra']) . "\n");
fclose($fout);
// Check if we need to generate a new RSA key pair.
- if ($tincconf['gen_rsa'])
- {
- safe_mkdir("/usr/local/etc/tinc/tmp");
- exec("/usr/local/sbin/tincd -c /usr/local/etc/tinc/tmp -K");
- $tincconf['cert_pub'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.pub'));
- $tincconf['cert_key'] = base64_encode(file_get_contents('/usr/local/etc/tinc/tmp/rsa_key.priv'));
+ if ($tincconf['gen_rsa']) {
+ safe_mkdir("{$configpath}/tmp");
+ exec("/usr/local/sbin/tincd -c {$configpath}/tmp -K");
+ $tincconf['cert_pub'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.pub"));
+ $tincconf['cert_key'] = base64_encode(file_get_contents("{$configpath}/tmp/rsa_key.priv"));
$tincconf['gen_rsa'] = false;
$config['installedpackages']['tinc']['config'][0]['cert_pub'] = $tincconf['cert_pub'];
$config['installedpackages']['tinc']['config'][0]['cert_key'] = $tincconf['cert_key'];
$config['installedpackages']['tinc']['config'][0]['gen_rsa'] = $tincconf['gen_rsa'];
- rmdir_recursive("/usr/local/etc/tinc/tmp");
- write_config();
+ rmdir_recursive("{$configpath}/tmp");
+ write_config("[tinc] New RSA key pair generated.");
}
$_output = "Subnet=" . $tincconf['localsubnet'] . "\n";
$_output .= base64_decode($tincconf['host_extra']) . "\n";
$_output .= base64_decode($tincconf['cert_pub']) . "\n";
- file_put_contents('/usr/local/etc/tinc/hosts/' . $tincconf['name'],$_output);
- file_put_contents('/usr/local/etc/tinc/rsa_key.priv',base64_decode($tincconf['cert_key'])."\n");
- chmod("/usr/local/etc/tinc/rsa_key.priv", 0600);
- if($tincconf['tinc_up'])
- {
+ file_put_contents("{$configpath}/hosts/" . $tincconf['name'], $_output);
+ file_put_contents("{$configpath}/rsa_key.priv", base64_decode($tincconf['cert_key']) . "\n");
+ chmod("{$configpath}/rsa_key.priv", 0600);
+ if ($tincconf['tinc_up']) {
$_output = base64_decode($tincconf['tinc_up']) . "\n";
- }
- else
- {
+ } else {
$_output = "ifconfig \$INTERFACE " . $tincconf['localip'] . " netmask " . $tincconf['vpnnetmask'] . "\n";
$_output .= "ifconfig \$INTERFACE group tinc\n";
}
- file_put_contents('/usr/local/etc/tinc/tinc-up',$_output);
- chmod("/usr/local/etc/tinc/tinc-up", 0744);
- if($tincconf['tinc_down'])
- {
- file_put_contents('/usr/local/etc/tinc/tinc-down',str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
- chmod("/usr/local/etc/tinc/tinc-down", 0744);
- }
- if($tincconf['host_up'])
- {
- file_put_contents('/usr/local/etc/tinc/host-up',str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
- chmod("/usr/local/etc/tinc/host-up", 0744);
- }
- if($tincconf['host_down'])
- {
- file_put_contents('/usr/local/etc/tinc/host-down',str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
- chmod("/usr/local/etc/tinc/host-down", 0744);
- }
- if($tincconf['subnet_up'])
- {
- file_put_contents('/usr/local/etc/tinc/subnet-up',str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
- chmod("/usr/local/etc/tinc/subnet-up", 0744);
- }
- if($tincconf['subnet_down'])
- {
- file_put_contents('/usr/local/etc/tinc/subnet-down',str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
- chmod("/usr/local/etc/tinc/subnet-down", 0744);
- }
- system("/usr/local/etc/rc.d/tinc.sh restart 2>/dev/null");
- rmdir_recursive("/usr/local/etc/tinc.old");
+ file_put_contents("{$configpath}/tinc-up", $_output);
+ chmod("{$configpath}/tinc-up", 0744);
+ if ($tincconf['tinc_down']) {
+ file_put_contents("{$configpath}/tinc-down", str_replace("\r", "", base64_decode($tincconf['tinc_down'])) . "\n");
+ chmod("{$configpath}/tinc-down", 0744);
+ }
+ if ($tincconf['host_up']) {
+ file_put_contents("{$configpath}/host-up", str_replace("\r", "", base64_decode($tincconf['host_up'])) . "\n");
+ chmod("{$configpath}/host-up", 0744);
+ }
+ if ($tincconf['host_down']) {
+ file_put_contents("{$configpath}/host-down", str_replace("\r", "", base64_decode($tincconf['host_down'])) . "\n");
+ chmod("{$configpath}/host-down", 0744);
+ }
+ if ($tincconf['subnet_up']) {
+ file_put_contents("{$configpath}/subnet-up", str_replace("\r", "", base64_decode($tincconf['subnet_up'])) . "\n");
+ chmod("{$configpath}/subnet-up", 0744);
+ }
+ if ($tincconf['subnet_down']) {
+ file_put_contents("{$configpath}/subnet-down", str_replace("\r", "", base64_decode($tincconf['subnet_down'])) . "\n");
+ chmod("{$configpath}/subnet-down", 0744);
+ }
+
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == "2.2") {
+ $pbietcpath = '/usr/pbi/tinc-' . php_uname("m") . '/local/etc';
+ unlink_if_exists("{$pbietcpath}/tinc");
+ symlink($configpath, "{$pbietcpath}/tinc");
+ }
+
+ if ($tincconf['enable'] != "") {
+ restart_service("tinc");
+ } elseif (is_process_running("tincd")) {
+ stop_service("tinc");
+ }
+ rmdir_recursive("/usr/local/etc/tinc.old");
conf_mount_ro();
}
function tinc_install() {
global $config;
+
safe_mkdir("/usr/local/etc/tinc");
safe_mkdir("/usr/local/etc/tinc/hosts");
- $_rcfile['file']='tinc.sh';
- $_rcfile['start'].="/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
- $_rcfile['stop'].="/usr/local/sbin/tincd --kill \n\t";
- write_rcfile($_rcfile);
+ $rc['file'] = 'tinc.sh';
+ $rc['start'] .= "/usr/local/sbin/tincd --config=/usr/local/etc/tinc\n\t";
+ $rc['stop'] .= "/usr/local/sbin/tincd --kill \n\t";
+ write_rcfile($rc);
unlink_if_exists("/usr/local/etc/rc.d/tincd");
clear_log_file("/var/log/tinc.log");
-
- conf_mount_rw();
- /* Create Interface Group */
- if (!is_array($config['ifgroups']['ifgroupentry']))
- $config['ifgroups']['ifgroupentry'] = array();
-
- $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
- $ifgroupentry = array();
- $ifgroupentry['members'] = '';
- $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
- $ifgroupentry['ifname'] = 'tinc';
- $a_ifgroups[] = $ifgroupentry;
+ /* Create Interface Group */
+ if (!is_array($config['ifgroups']['ifgroupentry'])) {
+ $config['ifgroups']['ifgroupentry'] = array();
+ }
- /* XXX: Do not remove this. */
- mwexec("/bin/rm -f /tmp/config.cache");
+ $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+ $ifgroupentry = array();
+ $ifgroupentry['members'] = '';
+ $ifgroupentry['descr'] = 'tinc mesh VPN interface group';
+ $ifgroupentry['ifname'] = 'tinc';
+ $a_ifgroups[] = $ifgroupentry;
- write_config();
+ /* XXX: Do not remove this. WTH?! */
+ mwexec("/bin/rm -f /tmp/config.cache");
- conf_mount_ro();
+ write_config("[tinc] Package installed.");
}
function tinc_deinstall() {
global $config;
- /* Remove Interface Group */
- conf_mount_rw();
- if (!is_array($config['ifgroups']['ifgroupentry']))
- $config['ifgroups']['ifgroupentry'] = array();
-
- $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
-
- $myid=-1;
- $i = 0;
- foreach ($a_ifgroups as $ifgroupentry)
- {
- if($ifgroupentry['ifname']=='tinc')
- {
- $myid=$i;
- break;
- }
- $i++;
- }
-
- if ($myid >= 0 && $a_ifgroups[$myid])
- {
- $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
- foreach ($members as $ifs)
- {
- $realif = get_real_interface($ifs);
- if ($realif)
- mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
- }
- unset($a_ifgroups[$myid]);
- mwexec("/bin/rm -f /tmp/config.cache");
- write_config();
- }
- conf_mount_ro();
+ /* Remove Interface Group */
+ if (!is_array($config['ifgroups']['ifgroupentry'])) {
+ $config['ifgroups']['ifgroupentry'] = array();
+ }
+
+ $a_ifgroups = &$config['ifgroups']['ifgroupentry'];
+
+ $myid = -1;
+ $i = 0;
+ foreach ($a_ifgroups as $ifgroupentry) {
+ if ($ifgroupentry['ifname'] == 'tinc') {
+ $myid = $i;
+ break;
+ }
+ $i++;
+ }
+
+ if ($myid >= 0 && $a_ifgroups[$myid]) {
+ $members = explode(" ", $a_ifgroups[$_GET['id']]['members']);
+ foreach ($members as $ifs) {
+ $realif = get_real_interface($ifs);
+ if ($realif) {
+ mwexec("/sbin/ifconfig {$realif} -group " . escapeshellarg($a_ifgroups[$_GET['id']]['ifname']));
+ }
+ }
+ unset($a_ifgroups[$myid]);
+ /* WTH?! */
+ mwexec("/bin/rm -f /tmp/config.cache");
+ write_config("[tinc] Package uninstalled.");
+ }
rmdir_recursive("/var/tmp/tinc");
rmdir_recursive("/usr/local/etc/tinc*");
- unlink_if_exists("/usr/local/etc/rc.d/tinc.sh");
}
+function tinc_validate_input($post, &$input_errors) {
+ if ($post['localip']) {
+ if ((!is_ipaddr($post['localip'])) && (!is_hostname($post['localip']))) {
+ $input_errors[] = gettext("'Local IP' must be a valid IP address or hostname.");
+ }
+ }
+ if ($post['address']) {
+ if ((!is_ipaddr($post['address'])) && (!is_hostname($post['address']))) {
+ $input_errors[] = gettext("'Host Address' must be a valid IP address or hostname.");
+ }
+ }
+ if (($post['localsubnet']) && (!is_subnet($post['localsubnet']))) {
+ $input_errors[] = gettext("'Local Subnet' must be a valid subnet.");
+ }
+ if (($post['subnet']) && (!is_subnet($post['subnet']))) {
+ $input_errors[] = gettext("'Subnet' must be a valid subnet.");
+ }
+}
?>
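Review bot: In tinc_save() `$configpath` is set to '/usr/local/etc/tinc/' with a trailing slash, so `rename("{$configpath}", "{$configpath}.old")` targets /usr/local/etc/tinc/.old, a path inside the directory being moved; that rename should fail and leave the old directory in place. The effect would be that hosts/ files of peers deleted in the GUI, including their public keys, stay on disk after a save, and the later `rmdir_recursive("/usr/local/etc/tinc.old")` has nothing to remove. Dropping the slash, `$configpath = '/usr/local/etc/tinc';`, restores the move-aside behaviour, and the variable does not need to be declared `global`. In tinc_deinstall() the members lookup still indexes with `$_GET['id']` rather than the `$myid` found by the loop above it; `$a_ifgroups[$myid]['members']` and `$a_ifgroups[$myid]['ifname']` are what the code means. The new tinc_validate_input() does not check the host `name`, which tinc_save() concatenates into file paths under hosts/.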
diff --git a/config/tinc/tinc.xml b/config/tinc/tinc.xml
index 183ae161..89d1e8ce 100644
--- a/config/tinc/tinc.xml
+++ b/config/tinc/tinc.xml
@@ -1,103 +1,317 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- tinc.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ tinc.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
- <requirements>Describe your package requirements here</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
+ <description>A self-contained VPN solution designed to connect multiple sites together in a secure way.</description>
<name>tinc</name>
- <version>1.0.23 v1.2.1</version>
- <title>VPN: tinc</title>
- <!-- Menu is where this packages menu will appear -->
+ <version>1.2.2</version>
+ <title>VPN: tinc - Config</title>
+ <include_file>/usr/local/pkg/tinc.inc</include_file>
+ <configpath>['installedpackages']['package']['$packagename']['config']</configpath>
<menu>
<name>tinc</name>
- <tooltiptext>tinc is a mesh VPN daemon.</tooltiptext>
<section>VPN</section>
- <configfile>tinc_config.xml</configfile>
- <url>/pkg_edit.php?xml=tinc_config.xml</url>
+ <configfile>tinc.xml</configfile>
+ <url>/pkg_edit.php?xml=tinc.xml</url>
</menu>
<menu>
- <name>tincd</name>
- <tooltiptext>Status of tinc VPN Daemon</tooltiptext>
+ <name>tinc VPN</name>
<section>Status</section>
<url>/status_tinc.php</url>
</menu>
-
+ <service>
+ <name>tinc</name>
+ <rcfile>tinc.sh</rcfile>
+ <executable>tincd</executable>
+ <description>Tinc Mesh VPN</description>
+ </service>
+ <tabs>
+ <tab>
+ <text>Config</text>
+ <url>/pkg_edit.php?xml=tinc.xml</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>Hosts</text>
+ <url>/pkg.php?xml=tinc_hosts.xml</url>
+ </tab>
+ </tabs>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/tinc.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
- <item>https://packages.pfsense.org/packages/config/tinc/tinc_config.xml</item>
- </additional_files_needed>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/tinc_hosts.xml</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/</prefix>
- <chmod>0755</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/status_tinc.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/shortcuts/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/tinc/pkg_tinc.inc</item>
</additional_files_needed>
-
- <service>
- <name>tinc</name>
- <rcfile>tinc.sh</rcfile>
- <executable>tincd</executable>
- <description>tinc mesh VPN</description>
- </service>
- <include_file>/usr/local/pkg/tinc.inc</include_file>
-
+ <advanced_options>enabled</advanced_options>
+ <fields>
+ <field>
+ <name>Basic Settings</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Enable Tinc VPN</fielddescr>
+ <fieldname>enable</fieldname>
+ <description>Check this to enable tinc mesh VPN.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Name</fielddescr>
+ <fieldname>name</fieldname>
+ <description>
+ <![CDATA[
+ This is the name which identifies this tinc daemon.<br />
+ It must be unique for the virtual private network this daemon will connect to.
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Local IP</fielddescr>
+ <fieldname>localip</fieldname>
+ <description>
+ <![CDATA[
+ IP Address of local tunnel interface.<br />
+ This is often the same IP as your routers LAN address. (Example: 192.168.2.1)
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Local Subnet</fielddescr>
+ <fieldname>localsubnet</fieldname>
+ <description>
+ <![CDATA[
+ Subnet behind this router that should be advertised to the mesh.<br />
+ This is usually your LAN subnet. (Example: 192.168.2.0/24)
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>VPN Netmask</fielddescr>
+ <fieldname>vpnnetmask</fieldname>
+ <description>
+ <![CDATA[
+ This is the Netmask that defines what traffic is routed to the VPNs tunnel interface.<br />
+ It is usually broader then your local netmask. (Example: 255.255.0.0)
+ ]]>
+ </description>
+ <type>input</type>
+ <required/>
+ </field>
+ <field>
+ <fielddescr>Address Family</fielddescr>
+ <fieldname>addressfamily</fieldname>
+ <description>
+ <![CDATA[
+ This option affects the address family of listening and outgoing sockets.<br />
+ If "Any" is selected, then - depending on the operating system - either both IPv4 and IPv6 or just IPv6 listening sockets will be created.
+ ]]>
+ </description>
+ <type>select</type>
+ <options>
+ <option>
+ <name>IPv4</name>
+ <value>ipv4</value>
+ </option>
+ <option>
+ <name>IPv6</name>
+ <value>ipv6</value>
+ </option>
+ <option>
+ <name>Any</name>
+ <value>any</value>
+ </option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>RSA Private Key</fielddescr>
+ <fieldname>cert_key</fieldname>
+ <description>
+ <![CDATA[
+ RSA private key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>7</rows>
+ <cols>70</cols>
+ </field>
+ <field>
+ <fielddescr>RSA Public Key</fielddescr>
+ <fieldname>cert_pub</fieldname>
+ <description>
+ <![CDATA[
+ RSA public key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>7</rows>
+ <cols>70</cols>
+ </field>
+ <field>
+ <fielddescr>Generate RSA Key Pair</fielddescr>
+ <fieldname>gen_rsa</fieldname>
+ <description>This will generate a new RSA key pair in the fields above.</description>
+ <type>checkbox</type>
+ </field>
+ <field>
+ <fielddescr>Extra Tinc Parameters</fielddescr>
+ <fieldname>extra</fieldname>
+ <description>
+ <![CDATA[
+ Anything entered here will be added at the end of the tinc.conf configuration file.<br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Extra Host Parameters</fielddescr>
+ <fieldname>host_extra</fieldname>
+ <description>
+ <![CDATA[
+ Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine.<br />
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Interface Up Script</fielddescr>
+ <fieldname>tinc_up</fieldname>
+ <description>
+ <![CDATA[
+ This script is executed right after the tinc daemon has connected to the virtual network device.<br />
+ By default, a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group.<br />
+ <strong>Note: Entering a value here complely replaces the default script; be sure to bring up the interface in this script!</strong>
+ ]]>
+ </description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Interface Down Script</fielddescr>
+ <fieldname>tinc_down</fieldname>
+ <description>This script is executed right before the tinc daemon is going to close.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Host Up Script</fielddescr>
+ <fieldname>host_up</fieldname>
+ <description>This script is executed when any host becomes reachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Host Down Script</fielddescr>
+ <fieldname>host_down</fieldname>
+ <description>This script is executed when any host becomes unreachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Subnet Up Script</fielddescr>
+ <fieldname>subnet_up</fieldname>
+ <description>This script is executed when any subnet becomes reachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ <field>
+ <fielddescr>Subnet Down Script</fielddescr>
+ <fieldname>subnet_down</fieldname>
+ <description>This script is executed when any subnet becomes unreachable.</description>
+ <type>textarea</type>
+ <encoding>base64</encoding>
+ <rows>8</rows>
+ <cols>70</cols>
+ <advancedfield/>
+ </field>
+ </fields>
<custom_php_install_command>
tinc_install();
</custom_php_install_command>
<custom_php_deinstall_command>
tinc_deinstall();
</custom_php_deinstall_command>
-
+ <custom_php_resync_config_command>
+ tinc_save();
+ </custom_php_resync_config_command>
+ <custom_php_validation_command>
+ tinc_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
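Review bot: The validation hook added at the end of this hunk, `tinc_validate_input($_POST, $input_errors);`, leaves two of the newly `<required/>` fields unchecked: as shown in the tinc.inc part of this commit it tests only `localip`, `address`, `localsubnet` and `subnet`, so `name` and `vpnnetmask` are accepted as typed. tinc only allows alphanumeric characters and underscores in a node name, and the form text says the default tinc-up script uses the netmask when bringing up the interface, so both values presumably end up in generated config or script text (tinc_save() is not visible here). I would add to the validator something like `if ($post['name'] && !preg_match('/^[A-Za-z0-9_]+$/', $post['name'])) { $input_errors[] = gettext("'Name' may only contain letters, digits and underscores."); }` plus a matching `is_ipaddr()` check on `vpnnetmask`. The same gap covers the `name` field made required in tinc_hosts.xml, which is wired to the same hook.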
diff --git a/config/tinc/tinc_config.xml b/config/tinc/tinc_config.xml
deleted file mode 100644
index d6ee9c26..00000000
--- a/config/tinc/tinc_config.xml
+++ /dev/null
@@ -1,215 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
-<packagegui>
- <copyright>
- <![CDATA[
-/* $Id$ */
-/* ========================================================================== */
-/*
- tinc_config.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2008 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <name>tinc</name>
- <version>1.0.19</version>
- <title>VPN: tinc</title>
-
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
- <configpath>['installedpackages']['package']['$packagename']['config']</configpath>
-
- <tabs>
- <tab>
- <text>Config</text>
- <url>/pkg_edit.php?xml=tinc_config.xml</url>
- <active/>
- </tab>
- <tab>
- <text>Hosts</text>
- <url>/pkg.php?xml=tinc_hosts.xml</url>
- </tab>
- </tabs>
- <advanced_options>enabled</advanced_options>
- <fields>
- <field>
- <fielddescr>Name</fielddescr>
- <fieldname>name</fieldname>
- <description>This is the name which identifies this tinc daemon. It must be unique for the virtual private network this daemon will connect to.</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Local IP</fielddescr>
- <fieldname>localip</fieldname>
- <description>IP Address of local tunnel interface. This is often the same IP as your routers LAN address, for example 192.168.2.1</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>Local Subnet</fielddescr>
- <fieldname>localsubnet</fieldname>
- <description>Subnet behind this router that should be advertised to the mesh. This is usually your LAN subnet, for example 192.168.2.0/24</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>VPN Netmask</fielddescr>
- <fieldname>vpnnetmask</fieldname>
- <description>This is the Netmask that defines what traffic is routed to the VPNs tunnel interface. It is usually broader then your local netmask, for example 255.255.0.0</description>
- <type>input</type>
- </field>
- <field>
- <fielddescr>AddressFamily</fielddescr>
- <fieldname>addressfamily</fieldname>
- <description>This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created.</description>
- <type>select</type>
- <options>
- <option>
- <name>ipv4</name>
- <value>ipv4</value>
- </option>
- <option>
- <name>ipv6</name>
- <value>ipv6</value>
- </option>
- <option>
- <name>any</name>
- <value>any</value>
- </option>
- </options>
- </field>
- <field>
- <fielddescr>RSA private key</fielddescr>
- <fieldname>cert_key</fieldname>
- <description>RSA private key used for this host. Include the BEGIN and END lines. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>7</rows>
- <cols>65</cols>
- </field>
- <field>
- <fielddescr>RSA public key</fielddescr>
- <fieldname>cert_pub</fieldname>
- <description>RSA public key used for this host. Include the BEGIN and END lines. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>7</rows>
- <cols>65</cols>
- </field>
- <field>
- <fielddescr>Generate RSA key pair</fielddescr>
- <fieldname>gen_rsa</fieldname>
- <description>This will generate a new RSA key pair in the fields above.</description>
- <type>checkbox</type>
- </field>
- <field>
- <fielddescr>Extra Tinc Parameters</fielddescr>
- <fieldname>extra</fieldname>
- <description>Anything entered here will be added at the end of the tinc.conf configuration file. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Extra Host Parameters</fielddescr>
- <fieldname>host_extra</fieldname>
- <description>Anything entered here will be added just prior to the public certiciate in the host configuration file for this machine. &lt;br&gt;</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Interface Up Script</fielddescr>
- <fieldname>tinc_up</fieldname>
- <description>This script is executed right after the tinc daemon has connected to the virtual network device. By default a tinc-up file is created that brings up the tinc interface with the IP Address and Netmask specified above and adds it to the tinc interface group. Entering a value here complely replaces the default script so be sure to bring up the interface in this script.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Interface Down Script</fielddescr>
- <fieldname>tinc_down</fieldname>
- <description>This script is executed right before the tinc daemon is going to close.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Host Up Script</fielddescr>
- <fieldname>host_up</fieldname>
- <description>This script is executed when any host becomes reachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Host Down Script</fielddescr>
- <fieldname>host_down</fieldname>
- <description>This script is executed when any host becomes unreachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Subnet Up Script</fielddescr>
- <fieldname>subnet_up</fieldname>
- <description>This script is executed when any subnet becomes reachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- <field>
- <fielddescr>Subnet Down Script</fielddescr>
- <fieldname>subnet_down</fieldname>
- <description>This script is executed when any subnet becomes unreachable.</description>
- <type>textarea</type>
- <encoding>base64</encoding>
- <rows>8</rows>
- <cols>65</cols>
- <advancedfield/>
- </field>
- </fields>
- <include_file>/usr/local/pkg/tinc.inc</include_file>
- <custom_php_resync_config_command>
- tinc_save();
- </custom_php_resync_config_command>
-</packagegui>
diff --git a/config/tinc/tinc_hosts.xml b/config/tinc/tinc_hosts.xml
index 7741b7be..b521d4a2 100644
--- a/config/tinc/tinc_hosts.xml
+++ b/config/tinc/tinc_hosts.xml
@@ -1,57 +1,54 @@
<?xml version="1.0" encoding="utf-8" ?>
-<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
-<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- tinc_hosts.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007-2009 Scott Ullrich
- All rights reserved.
- */
-/* ========================================================================== */
+ tinc_hosts.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2012-2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
- ]]>
- </copyright>
- <description>tinc Hosts</description>
- <requirements></requirements>
- <faq>Currently there are no FAQ items provided.</faq>
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
+ ]]>
+ </copyright>
<name>tinchosts</name>
- <version>1.0.19</version>
+ <version>1.2.2</version>
<title>VPN: tinc - Hosts</title>
- <!-- configpath gets expanded out automatically and config items will be
- stored in that location -->
+ <include_file>/usr/local/pkg/tinc.inc</include_file>
<configpath>['installedpackages']['package']['$packagename']['config']</configpath>
-
<tabs>
<tab>
<text>Config</text>
- <url>/pkg_edit.php?xml=tinc_config.xml</url>
+ <url>/pkg_edit.php?xml=tinc.xml</url>
</tab>
<tab>
<text>Hosts</text>
@@ -60,9 +57,6 @@
</tab>
</tabs>
<advanced_options>enabled</advanced_options>
-
- <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit
- items. An example of this would be the nat page where you add new nat redirects -->
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Name</fielddescr>
@@ -83,20 +77,20 @@
</columnitem>
</adddeleteeditpagefields>
- <!-- fields gets invoked when the user adds or edits a item. the following items
- will be parsed and rendered for the user as a gui with input, and selectboxes. -->
<fields>
<field>
<fielddescr>Name</fielddescr>
<fieldname>name</fieldname>
<description>Name of this host.</description>
<type>input</type>
+ <required/>
</field>
<field>
<fielddescr>Address</fielddescr>
<fieldname>address</fieldname>
<description>IP address or hostname of server.</description>
<type>input</type>
+ <required/>
</field>
<field>
<fielddescr>Subnet</fielddescr>
@@ -104,6 +98,7 @@
<description>Subnet behind host (like 192.168.254.0/24)</description>
<type>input</type>
<size>50</size>
+ <required/>
</field>
<field>
<fielddescr>Connect at Startup</fielddescr>
@@ -114,54 +109,66 @@
<field>
<fielddescr>RSA public key</fielddescr>
<fieldname>cert_pub</fieldname>
- <description>RSA public key used for this host. Include the BEGIN and END lines.&lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ RSA public key used for this host. <strong>Include the BEGIN and END lines.</strong><br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>7</rows>
- <cols>65</cols>
+ <cols>70</cols>
</field>
<field>
<fielddescr>Extra Parameters</fielddescr>
<fieldname>extra</fieldname>
- <description>Anything entered here will be added just prior to the public certiciate in the host configuration file. &lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ Anything entered here will be added just prior to the public certiciate in the host configuration file.<br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>8</rows>
- <cols>65</cols>
+ <cols>70</cols>
<advancedfield/>
</field>
<field>
<fielddescr>Host Up Script</fielddescr>
<fieldname>host_up</fieldname>
- <description>This script will be run when this host becomes reachable. &lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ This script will be run when this host becomes reachable.<br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>8</rows>
- <cols>65</cols>
+ <cols>70</cols>
<advancedfield/>
</field>
<field>
<fielddescr>Host Down Script</fielddescr>
<fieldname>host_down</fieldname>
- <description>This script will be run when this host becomes unreachable. &lt;br&gt;</description>
+ <description>
+ <![CDATA[
+ This script will be run when this host becomes unreachable.<br />
+ ]]>
+ </description>
<type>textarea</type>
<encoding>base64</encoding>
<rows>8</rows>
- <cols>65</cols>
+ <cols>70</cols>
<advancedfield/>
</field>
- </fields>
- <include_file>/usr/local/pkg/tinc.inc</include_file>
- <custom_add_php_command>
- </custom_add_php_command>
+ </fields>
<custom_php_resync_config_command>
tinc_save();
</custom_php_resync_config_command>
- <custom_php_command_before_form>
- </custom_php_command_before_form>
- <custom_php_after_form_command>
- </custom_php_after_form_command>
<custom_delete_php_command>
tinc_save();
</custom_delete_php_command>
+ <custom_php_validation_command>
+ tinc_validate_input($_POST, $input_errors);
+ </custom_php_validation_command>
</packagegui>
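Review bot: The description rewritten for the `extra` field in this hunk still reads "public certiciate"; since the line is being replaced anyway it should say "public certificate". The same carried-over wording shows up in the new tinc.xml text in this commit: `certiciate` under Extra Host Parameters, `complely` under Interface Up Script, and "broader then" under VPN Netmask.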
diff --git a/config/urlsnarf/urlsnarf.xml b/config/urlsnarf/urlsnarf.xml
index c65d1a14..97b3d6bd 100644
--- a/config/urlsnarf/urlsnarf.xml
+++ b/config/urlsnarf/urlsnarf.xml
@@ -3,23 +3,28 @@
<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
-/* ========================================================================== */
+<![CDATA[
+/* $Id$ */
+/* ====================================================================================== */
/*
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2013
+ urlsnarf.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013-2015 ESF, LLC
All rights reserved.
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
@@ -31,14 +36,12 @@
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+*/
+/* ====================================================================================== */
]]>
</copyright>
<description>urlsnarf</description>
- <requirements>None</requirements>
- <faq></faq>
<name>urlsnarf</name>
- <version>0.0</version>
+ <version>2.4b1</version>
<title>urlsnarf</title>
-</packagegui> \ No newline at end of file
+</packagegui>
diff --git a/config/vhosts/vhosts.inc b/config/vhosts/vhosts.inc
index cf2f97b8..b0e2db45 100644
--- a/config/vhosts/vhosts.inc
+++ b/config/vhosts/vhosts.inc
@@ -27,6 +27,9 @@
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
*/
+
+require_once('service-utils.inc');
+
//sort array
function sort_host($a, $b) {
return strcmp($a["host"], $b["host"]);
@@ -622,7 +625,6 @@ EOF;
function vhosts_install_command() {
global $config;
- conf_mount_rw();
safe_mkdir("/usr/local/vhosts/");
write_rcfile(array(
@@ -637,13 +639,9 @@ function vhosts_install_command() {
function vhosts_deinstall_command() {
- conf_mount_rw();
- stop_service("vhosts-http");
- unlink_if_exists("/usr/local/etc/rc.d/vhosts-http.sh");
exec("/bin/rm -f /usr/local/etc/rc.d/vhosts*");
exec("/bin/rm -f /var/etc/vhosts*");
exec("/bin/rm -rf /usr/local/www/packages/vhosts");
- conf_mount_ro();
}
?>
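Review bot: With `stop_service("vhosts-http");` removed, vhosts_deinstall_command() now deletes the rc script, the /var/etc/vhosts* files and the web root without anything in this function stopping the daemon first. If the package framework stops registered services before it calls the deinstall hook this is fine, but that is not visible here and deserves a one-line comment such as `/* service is stopped by the package system before this hook runs */`; otherwise the stop_service() call should stay. The three remaining `exec("/bin/rm ...")` lines also discard the exit status, so a failed cleanup goes unnoticed; `unlink_if_exists()` and `rmdir_recursive()`, both of which appear elsewhere in this commit, would avoid the shell.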
diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc
index 89a8b7c2..b42bc0a9 100644
--- a/config/vnstat2/vnstat2.inc
+++ b/config/vnstat2/vnstat2.inc
@@ -30,58 +30,13 @@
require_once("util.inc");
function vnstat_install_deinstall() {
- conf_mount_rw();
- global $config;
// Remove Vnstat package and files
exec("/bin/rm -d -R /usr/local/www/vnstat2");
exec("/bin/rm -d -R /usr/local/www/vnstati");
exec("/bin/rm -d -R /usr/local/pkg/vnstat2");
exec("/bin/rm /usr/local/etc/vnstat.conf");
// Remove vnstat cron entry from config.xml
- vnstat2_install_cron(false);
- conf_mount_ro();
-}
-
-function vnstat2_install_cron($vnstat_cron_value) {
- global $config;
- $is_installed = false;
- if (!$config['cron']['item']) {
- return;
- }
- $x=0;
- foreach ($config['cron']['item'] as $item) {
- if (strstr($item['command'], "/usr/local/pkg/vnstat2/vnstat2.sh")) {
- $is_installed = true;
- break;
- }
- $x++;
- }
- switch ($vnstat_cron_value) {
- case true:
- if (!$is_installed) {
- $cron_item = array();
- $cron_item['minute'] = "*/1";
- $cron_item['hour'] = "*";
- $cron_item['mday'] = "*";
- $cron_item['month'] = "*";
- $cron_item['wday'] = "*";
- $cron_item['who'] = "root";
- $cron_item['command'] = "/usr/local/pkg/vnstat2/vnstat2.sh";
- $config['cron']['item'][] = $cron_item;
- write_config();
- configure_cron();
- }
- break;
- case false:
- if ($is_installed == true) {
- if ($x > 0) {
- unset($config['cron']['item'][$x]);
- write_config();
- }
- configure_cron();
- }
- break;
- }
+ install_cron_job("/usr/local/pkg/vnstat2/vnstat2.sh", false);
}
function change_vnstat_conf() {
@@ -228,7 +183,7 @@ function vnstat_install_config() {
}
write_conf_f();
// Add cron job to config.xml
- vnstat2_install_cron(true);
+ install_cron_job("/usr/local/pkg/vnstat2/vnstat2.sh", true, "*/1");
vnstat_create_nic_dbs();
write_config();
conf_mount_ro();
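Review bot: `conf_mount_ro();` is still called at the end of this block, although the same commit removes the `conf_mount_rw()`/`conf_mount_ro()` pair from vnstat_install_deinstall(). If the matching `conf_mount_rw()` earlier in vnstat_install_config() (outside the hunk) was dropped as well, this call is now unbalanced and should go too. The `write_config();` that follows `install_cron_job(...)` may also be redundant if that helper already saves the configuration, which is worth confirming.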
diff --git a/config/widget-antivirus/antivirus_status.inc b/config/widget-antivirus/antivirus_status.inc
index 48c06f9e..be1d6333 100644
--- a/config/widget-antivirus/antivirus_status.inc
+++ b/config/widget-antivirus/antivirus_status.inc
@@ -4,4 +4,4 @@
$antivirus_status_title = "Antivirus Status";
$antivirus_status_title_link = "";
-?> \ No newline at end of file
+?>
diff --git a/config/widget-antivirus/antivirus_status.widget.php b/config/widget-antivirus/antivirus_status.widget.php
index 9c18d3f6..f1079ea9 100644
--- a/config/widget-antivirus/antivirus_status.widget.php
+++ b/config/widget-antivirus/antivirus_status.widget.php
@@ -30,6 +30,7 @@
require_once("guiconfig.inc");
require_once("pfsense-utils.inc");
require_once("functions.inc");
+require_once("pkg-utils.inc");
define('PATH_CLAMDB', '/var/db/clamav');
define('PATH_HAVPLOG', '/var/log/access.log');
@@ -91,26 +92,6 @@ function dwg_av_statistic() {
$log = file_get_contents(PATH_HAVPLOG);
$count = substr_count(strtolower($log), "virus clamd:");
$s = "Found $count viruses (total).";
-
-/*
-# slowly worked - need apply cache or preparse stat
-
- $log = explode("\n", $log);
- # counters: day, week, mon, total
- $count = 0;
- foreach($log as $ln) {
- $ln = explode(' ', $ln);
- # 0:date 1:time 2:ip 3:get 4:len 5:url 6:xx 7:status
- if (strpos(strtolower($ln[7]), "virus") !== false) {
- $count++;
- }
- }
- $s = "Found viruses:<br>";
- $s .= "<table width='100%' border='0' cellspacing='0' cellpadding='0'><tbody>";
- $s .= "<tr align='center'><td>today</td><td>week</td><td>mon</td><td>total</td></tr>";
- $s .= "<tr align='center'><td>0</td><td>0</td><td>0</td><td>$count</td></tr>";
- $s .= "</tbody></table>";
-*/
}
return $s;
}
@@ -123,8 +104,17 @@ function dwg_av_statistic() {
<td class="vncellt">HTTP Scanner</td>
<td class="listr" width="75%">
<?php
- // HAVP version; note - obviously broken now
- echo exec("pkg_info | grep \"[h]avp\"");
+ // HAVP version
+ $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
+ if ($pfs_version == "2.1") {
+ echo exec("pkg_info | grep \"[h]avp\"");
+ } elseif ($pfs_version == "2.2") {
+ // Show package version at least, no good quick way to get the PBI version
+ echo "pkg v{$config['installedpackages']['package'][get_pkg_id("havp")]['version']}";
+ } else {
+ pkg_exec("query '%v' havp", $version, $err);
+ echo $version;
+ }
?>
</td>
</tr>
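Review bot: The 2.2 branch indexes `$config['installedpackages']['package']` with the return value of `get_pkg_id("havp")` without checking that the package was found, and the final branch echoes `$version` without checking the result of `pkg_exec()`. In both cases the cell can end up as a bare "pkg v" or empty, with a PHP notice. Guard the lookup, e.g. `$id = get_pkg_id("havp"); if ($id >= 0) { ... }` (assuming the helper returns a negative id on a miss). Since these strings go straight into the table cell, print them through `htmlspecialchars()`, e.g. `echo htmlspecialchars($version);`.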
diff --git a/config/widget-antivirus/widget-antivirus.inc b/config/widget-antivirus/widget-antivirus.inc
deleted file mode 100644
index 620d8e82..00000000
--- a/config/widget-antivirus/widget-antivirus.inc
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-
-function widget_antivirus_uninstall() {
- unlink("/usr/local/www/widgets/include/antivirus_status.inc");
- unlink("/usr/local/www/widgets/widgets/antivirus_status.widget.php");
-}
-
-?> \ No newline at end of file
diff --git a/config/widget-antivirus/widget-antivirus.xml b/config/widget-antivirus/widget-antivirus.xml
index 91a6a392..8a18c2bb 100644
--- a/config/widget-antivirus/widget-antivirus.xml
+++ b/config/widget-antivirus/widget-antivirus.xml
@@ -44,13 +44,8 @@
<description>Antivirus status widget add-on for HAVP</description>
<requirements>HAVP package</requirements>
<name>widget-antivirus</name>
- <version>0.1.1</version>
+ <version>0.1.2</version>
<title>Widget - Antivirus Status</title>
- <include_file>/usr/local/pkg/widget-antivirus.inc</include_file>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <item>https://packages.pfsense.org/packages/config/widget-antivirus/widget-antivirus.inc</item>
- </additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/include/</prefix>
<item>https://packages.pfsense.org/packages/config/widget-antivirus/antivirus_status.inc</item>
@@ -59,7 +54,4 @@
<prefix>/usr/local/www/widgets/widgets/</prefix>
<item>https://packages.pfsense.org/packages/config/widget-antivirus/antivirus_status.widget.php</item>
</additional_files_needed>
- <custom_php_deinstall_command>
- widget_antivirus_uninstall();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/widget-havp/havp_alerts.inc b/config/widget-havp/havp_alerts.inc
index ecbfe897..3aeb1016 100644
--- a/config/widget-havp/havp_alerts.inc
+++ b/config/widget-havp/havp_alerts.inc
@@ -12,4 +12,4 @@ $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries);
/* AJAX related routines */
handle_havp_ajax($havp_alerts_logfile, $nentries = 5);
-?> \ No newline at end of file
+?>
diff --git a/config/widget-havp/havp_alerts.inc.php b/config/widget-havp/havp_alerts.inc.php
index c0810b83..81be9d3b 100644
--- a/config/widget-havp/havp_alerts.inc.php
+++ b/config/widget-havp/havp_alerts.inc.php
@@ -1,52 +1,76 @@
-<?
+<?php
+/*
+ havp_alerts.inc.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
function get_havp_alerts($havp_alerts, $nentries, $tail = 20) {
global $config, $g;
$logarr = "";
/* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */
exec("/usr/bin/tail -r -n {$tail} {$havp_alerts}", $logarr);
-
+
$havpalerts = array();
-
$counter = 0;
-
+
foreach ($logarr as $logent) {
- if($counter >= $nentries)
+ if ($counter >= $nentries) {
break;
-
+ }
$alert = parse_havp_alert_line($logent);
if ($alert != "") {
$counter++;
$havpalerts[] = $alert;
}
-
}
- /* Since the rules are in reverse order, flip them around if needed based on the user's preference */
+ /* Since the rules are in reverse order, flip them around if needed, based on the user's preference */
return isset($config['syslog']['reverse']) ? $havpalerts : array_reverse($havpalerts);
}
-
-
-
function parse_havp_alert_line($line) {
+ global $g;
$log_split = "";
-
- preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split);
- list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'],
- $alert['virusname']) = $log_split;
+ // FIXME: Obviously incomplete TLD list at the moment, plus the whole thing is completely whacky...
+ preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split);
+ list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], $alert['virusname']) = $log_split;
$usableline = true;
- if(trim($alert['url']) == "")
+ if (trim($alert['url']) == "") {
$usableline = false;
- if(trim($alert['virusname']) == "")
+ }
+ if (trim($alert['virusname']) == "") {
$usableline = false;
-
- if($usableline == true) {
+ }
+ if ($usableline == true) {
return $alert;
} else {
- if($g['debug']) {
- log_error("There was a error parsing line: $line. Please report to mailing list or forum.");
+ if ($g['debug']) {
+ log_error("There was a error parsing line: $line.");
}
return "";
}
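Review bot: get_havp_alerts() still builds its shell command by interpolating `$tail` and `$havp_alerts` directly into the string passed to exec(), and this cleanup leaves that untouched. Where the log path comes from is not visible here, so quoting is the safe default: `exec("/usr/bin/tail -r -n " . (int)$tail . " " . escapeshellarg($havp_alerts), $logarr);`. In parse_havp_alert_line(), whose closing brace is outside the hunk, the `list(...)` assignment runs even when preg_match() matches nothing. Returning "" early on a failed match would avoid undefined-offset notices on every unparsable log line.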
@@ -54,32 +78,24 @@ function parse_havp_alert_line($line) {
/* AJAX specific handlers */
function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) {
- if($_GET['lastsawtime'] or $_POST['lastsawtime']) {
- if($_GET['lastsawtime'])
+ if ($_GET['lastsawtime'] or $_POST['lastsawtime']) {
+ if ($_GET['lastsawtime']) {
$lastsawtime = $_GET['lastsawtime'];
- if($_POST['lastsawtime'])
+ }
+ if ($_POST['lastsawtime']) {
$lastsawtime = $_POST['lastsawtime'];
- /* compare lastsawrule's time stamp to alert logs.
- * afterwards return the newer records so that client
- * can update AJAX interface screen.
- */
+ }
+ // Compare last seen rule's time stamp with alert logs.
+ // Afterwards, return the newer records so that client can update AJAX interface screen.
$new_rules = "";
$time_regex = "";
-
+
$havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries);
foreach($havp_alerts as $log_row) {
- preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U",$log_row['date'] , $time_regex);
-# $time_regex = "";"/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])\s+([0-9][0-9]:[0-9][0-9]:[0-9][0-9])$/U"
- // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['date'] . " " . $log_row['time'], $time_regex);
+ preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U", $log_row['date'], $time_regex);
$row_time = strtotime($time_regex[2] . "/" . $time_regex[1] . "/" . $time_regex[3] . " " . $log_row['time']);
- // $myfile = "/testfile.txt";
- // $fh = fopen($myfile,'a') or die("can't open file");
- // $stringdata = $lastsawtime . "-" . $row_time . "\n";
- // fwrite($fh, $stringdata);
- // fclose($fh);
- if($row_time > $lastsawtime and $lastsawtime > 0) {
-
+ if ($row_time > $lastsawtime and $lastsawtime > 0) {
$new_rules .= "{$log_row['url']}||{$log_row['virusname']}||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n";
}
}
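Review bot: `$log_row['url']` and `$log_row['virusname']` are copied from the HAVP log into the `||`-separated response without any output encoding. The same values are then written into the dashboard as HTML by havp_alerts.js (the `row_split[...]` concatenation and `item.innerHTML = data[x]`) and by the `<?= $alert["url"] ... ?>` cells in havp_alerts.widget.php. The URL is whatever a proxied client requested, and the pattern in parse_havp_alert_line() accepts any non-space characters in the path, so both fields should be treated as untrusted and wrapped in `htmlspecialchars()` here and in the widget template. `$lastsawtime` also comes from the request and is compared numerically without a cast; `$lastsawtime = (int)$lastsawtime;` makes that explicit. The function continues past the end of this hunk.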
@@ -87,4 +103,5 @@ function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) {
exit;
}
}
-?> \ No newline at end of file
+
+?>
diff --git a/config/widget-havp/havp_alerts.js b/config/widget-havp/havp_alerts.js
index 110e3998..ae97ab2f 100644
--- a/config/widget-havp/havp_alerts.js
+++ b/config/widget-havp/havp_alerts.js
@@ -1,3 +1,31 @@
+/*
+ havp_alerts.js
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
havplastsawtime = '<?php echo time(); ?>';
var havplines = Array();
@@ -7,10 +35,11 @@ var havpisBusy = false;
var havpisPaused = false;
<?php
- if(isset($config['syslog']['reverse']))
+ if (isset($config['syslog']['reverse'])) {
echo "var isReverse = true;\n";
- else
+ } else {
echo "var isReverse = false;\n";
+ }
?>
if (typeof getURL == 'undefined') {
@@ -21,13 +50,12 @@ if (typeof getURL == 'undefined') {
if (typeof callback.operationComplete == 'function')
callback = callback.operationComplete;
} catch (e) {}
- if (typeof callback != 'function')
- throw 'No callback function for getURL';
+ if (typeof callback != 'function')
+ throw 'No callback function for getURL';
var http_request = null;
if (typeof XMLHttpRequest != 'undefined') {
- http_request = new XMLHttpRequest();
- }
- else if (typeof ActiveXObject != 'undefined') {
+ http_request = new XMLHttpRequest();
+ } else if (typeof ActiveXObject != 'undefined') {
try {
http_request = new ActiveXObject('Msxml2.XMLHTTP');
} catch (e) {
@@ -40,9 +68,11 @@ if (typeof getURL == 'undefined') {
throw 'Both getURL and XMLHttpRequest are undefined';
http_request.onreadystatechange = function() {
if (http_request.readyState == 4) {
- callback( { success : true,
- content : http_request.responseText,
- contentType : http_request.getResponseHeader("Content-Type") } );
+ callback({
+ success: true,
+ content: http_request.responseText,
+ contentType: http_request.getResponseHeader("Content-Type")
+ });
}
}
http_request.open('GET', url, true);
@@ -51,27 +81,28 @@ if (typeof getURL == 'undefined') {
}
function havp_alerts_fetch_new_rules() {
- if(havpisPaused)
+ if (havpisPaused)
return;
- if(havpisBusy)
+ if (havpisBusy)
return;
havpisBusy = true;
getURL('widgets/helpers/havp_alerts_helper.php?lastsawtime=' + havplastsawtime, havp_alerts_fetch_new_rules_callback);
}
+
function havp_alerts_fetch_new_rules_callback(callback_data) {
- if(havpisPaused)
+ if (havpisPaused)
return;
var data_split;
var new_data_to_add = Array();
var data = callback_data.content;
data_split = data.split("\n");
- for(var x=0; x<data_split.length-1; x++) {
+ for (var x = 0; x < data_split.length - 1; x++) {
/* loop through rows */
row_split = data_split[x].split("||");
var line = '';
- line += '<td width="25%" class="listr">' + row_split[4] + '<br> ' + row_split[3] + '</td>';
- line += '<td width="75%" class="listr">' + row_split[0] + '<br>' + row_split[1] + '</td>';
+ line += '<td width="25%" class="listr">' + row_split[4] + '<br/> ' + row_split[3] + '</td>';
+ line += '<td width="75%" class="listr">' + row_split[0] + '<br/>' + row_split[1] + '</td>';
havplastsawtime = row_split[2];
new_data_to_add[new_data_to_add.length] = line;
}
@@ -79,11 +110,10 @@ function havp_alerts_fetch_new_rules_callback(callback_data) {
havpisBusy = false;
}
-
function havp_alerts_update_div_rows(data) {
- if(havpisPaused)
+ if (havpisPaused)
return;
-
+
var isIE = navigator.appName.indexOf('Microsoft') != -1;
var isSafari = navigator.userAgent.indexOf('Safari') != -1;
var isOpera = navigator.userAgent.indexOf('Opera') != -1;
@@ -94,51 +124,44 @@ function havp_alerts_update_div_rows(data) {
showanim = 0;
}
//alert(data.length);
- for(var x=0; x<data.length; x++) {
+ for (var x = 0; x < data.length; x++) {
var numrows = rows.length;
- /* if reverse logging is enabled we need to show the
- * records in a reverse order with new items appearing
- * on the top
- */
- if(isReverse == false) {
+ // If reverse logging is enabled we need to show the records
+ // in a reverse order with new items appearing on the top.
+ if (isReverse == false) {
for (var i = 1; i < numrows; i++) {
nextrecord = i + 1;
- if(nextrecord < numrows)
+ if (nextrecord < numrows)
rows[i].innerHTML = rows[nextrecord].innerHTML;
}
} else {
for (var i = numrows; i > 0; i--) {
nextrecord = i + 1;
- if(nextrecord < numrows)
+ if (nextrecord < numrows)
rows[nextrecord].innerHTML = rows[i].innerHTML;
}
}
var item = document.getElementById('havp-firstrow');
- if(x == data.length-1)
- {
+ if (x == data.length - 1) {
/* nothing */
showanim = false;
- }
- else
- {
+ } else {
showanim = false;
}
- if (showanim)
- {
- // item.style.display = 'none';
+ if (showanim) {
+ //item.style.display = 'none';
item.innerHTML = data[x];
- // new Effect.Appear(item);
- }
- else
- {
+ //new Effect.Appear(item);
+ } else {
item.innerHTML = data[x];
}
}
/* rechedule AJAX interval */
//havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay);
}
+
function havp_alerts_toggle_pause() {
- if(havpisPaused) {
+ if (havpisPaused) {
havpisPaused = false;
havp_alerts_fetch_new_rules();
} else {
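Review bot: The reformatting keeps two dead branches in havp_alerts_update_div_rows(): both arms of `if (x == data.length - 1)` set `showanim = false`, and both arms of `if (showanim)` run the same `item.innerHTML = data[x];`. With the animation calls commented out, the sequence can be reduced to a single `item.innerHTML = data[x];` after the `getElementById('havp-firstrow')` lookup. The function starts before this hunk, and the hunk ends inside havp_alerts_toggle_pause().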
diff --git a/config/widget-havp/havp_alerts.widget.php b/config/widget-havp/havp_alerts.widget.php
index f8265d11..20b53b0e 100644
--- a/config/widget-havp/havp_alerts.widget.php
+++ b/config/widget-havp/havp_alerts.widget.php
@@ -1,30 +1,34 @@
<?php
/*
- havp_alerts.widget.php
- Copyright (C) 2009 Michael Liberman , Jim Pingle
+ havp_alerts.widget.php
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Michael Liberman
+ Copyright (C) 2009 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
*/
-global $config, $g;
+global $config;
?>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
@@ -39,25 +43,27 @@ if (is_array($havp_alerts)) {
foreach ($havp_alerts as $alert) { ?>
<?php
- if(isset($config['syslog']['reverse'])) {
+ if (isset($config['syslog']['reverse'])) {
/* honour reverse logging setting */
- if($counter == 0)
+ if ($counter == 0) {
$activerow = " id=\"havp-firstrow\"";
- else
+ } else {
$activerow = "";
+ }
} else {
/* non-reverse logging */
- if($counter == count($havp_alerts) - 1)
+ if ($counter == count($havp_alerts) - 1) {
$activerow = " id=\"havp-firstrow\"";
- else
+ } else {
$activerow = "";
+ }
}
?>
<tr class="havp-alert-entry" <?php echo $activerow; ?>>
- <td width="25%" class="listr"><?= $alert["time"] . "<br>" . $alert["date"]?></td>
- <td width="75%" class="listr"><?= $alert["url"] . "<br>" . $alert["virusname"] ?></td>
+ <td width="25%" class="listr"><?= $alert["time"] . "<br/>" . $alert["date"]?></td>
+ <td width="75%" class="listr"><?= $alert["url"] . "<br/>" . $alert["virusname"] ?></td>
</tr>
<?php $counter++;
}
diff --git a/config/widget-havp/widget-havp.inc b/config/widget-havp/widget-havp.inc
deleted file mode 100644
index 61713f24..00000000
--- a/config/widget-havp/widget-havp.inc
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-
-function widget_havp_uninstall() {
- unlink("/usr/local/www/includes/havp_alerts.inc.php");
- unlink("/usr/local/www/widgets/helpers/havp_alerts_helper.php");
- unlink("/usr/local/www/widgets/include/havp_alerts.inc");
- unlink("/usr/local/www/widgets/javascript/havp_alerts.js");
- unlink("/usr/local/www/widgets/widgets/havp_alerts.widget.php");
-}
-
-?> \ No newline at end of file
diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml
index f99d99de..dc405119 100644
--- a/config/widget-havp/widget-havp.xml
+++ b/config/widget-havp/widget-havp.xml
@@ -4,82 +4,66 @@
<packagegui>
<copyright>
<![CDATA[
-/* $Id$ */
-/* ========================================================================== */
+/* $Id$ */
+/* ====================================================================================== */
/*
- widget-havp.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2009 Jim Pingle
- All rights reserved.
-
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
-/* ========================================================================== */
+ widget-havp.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2009 Jim Pingle
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
<description>HAVP alerts widget add-on for Dashboard package</description>
<requirements>Dashboard package and HAVP</requirements>
- <faq>Currently there are no FAQ items provided.</faq>
<name>widget-havp</name>
- <version>0.1</version>
+ <version>0.1.1</version>
<title>Widget - HAVP</title>
- <include_file>/usr/local/pkg/widget-havp.inc</include_file>
- <additional_files_needed>
- <prefix>/usr/local/pkg/</prefix>
- <chmod>077</chmod>
- <item>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.inc</item>
- </additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/includes/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/helpers/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts_helper.php</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/include/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/javascript/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.js</item>
</additional_files_needed>
<additional_files_needed>
<prefix>/usr/local/www/widgets/widgets/</prefix>
- <chmod>0644</chmod>
<item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.widget.php</item>
</additional_files_needed>
- <custom_php_deinstall_command>
- widget_havp_uninstall();
- </custom_php_deinstall_command>
</packagegui>
diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.inc b/config/zabbix-agent-lts/zabbix-agent-lts.inc
index e3e5570c..ddf04f6f 100644
--- a/config/zabbix-agent-lts/zabbix-agent-lts.inc
+++ b/config/zabbix-agent-lts/zabbix-agent-lts.inc
@@ -1,159 +1,143 @@
<?php
-/* $Id$ */
-/* ========================================================================== */
/*
- zabbix-agent-lts.inc
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
- Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ zabbix-agent-lts.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require_once("util.inc");
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version == "2.1" || $pf_version == "2.2") {
define('ZABBIX_AGENT_BASE', '/usr/pbi/zabbix22-agent-' . php_uname("m"));
} else {
define('ZABBIX_AGENT_BASE', '/usr/local');
}
-function php_install_zabbix_agent_lts(){
- sync_package_zabbix_agent_lts();
-}
-
-function php_deinstall_zabbix_agent_lts(){
- global $config, $g;
-
- conf_mount_rw();
-
- exec("/usr/bin/killall zabbix_agentd");
- unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/rc.d/zabbix_agentd_lts.sh");
- unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf");
- unlink_if_exists("/var/log/zabbix-agent-lts/zabbix_agentd_lts.log");
- unlink_if_exists("/var/run/zabbix-agent-lts/zabbix_agentd_lts.pid");
+function php_deinstall_zabbix_agent_lts() {
+ unlink_if_exists(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf");
+ unlink_if_exists("/var/log/zabbix-agent-lts/zabbix_agentd_lts.log");
+ unlink_if_exists("/var/run/zabbix-agent-lts/zabbix_agentd_lts.pid");
if (is_dir("/var/log/zabbix-agent-lts")) {
- exec("/bin/rm -r /var/log/zabbix-agent-lts/");
+ mwexec("/bin/rm -rf /var/log/zabbix-agent-lts/");
}
-
if (is_dir("/var/run/zabbix-agent-lts")) {
- exec("/bin/rm -r /var/run/zabbix-agent-lts/");
+ mwexec("/bin/rm -rf /var/run/zabbix-agent-lts/");
}
-
- conf_mount_ro();
}
-function validate_input_zabbix_agent_lts($post, &$input_errors){
+function validate_input_zabbix_agent_lts($post, &$input_errors) {
if (isset($post['agentenabled'])) {
if (!preg_match("/\w+/", $post['server'])) {
- $input_errors[]='Server field is required.';
+ $input_errors[] = "Server field is required.";
}
-
+
if (!preg_match("/\w+/", $post['hostname'])) {
- $input_errors[]='Hostname field is required.';
+ $input_errors[] = "Hostname field is required.";
}
-
+
if ($post['listenip'] != '') {
- if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/",$post['listenip'])) {
- $input_errors[]='Listen IP is not a configured IP address.';
+ if (!is_ipaddr_configured($post['listenip']) && !preg_match("/(127.0.0.1|0.0.0.0)/", $post['listenip'])) {
+ $input_errors[] = "'Listen IP' is not a configured IP address.";
}
}
if ($post['listenport'] != '') {
- if (!preg_match("/^\d+$/", $post['listenport'])) {
- $input_errors[]='Listen Port is not numeric.';
- }
+ if (!is_numericint($post['listenport'])) {
+ $input_errors[] = "'Listen Port' value is not numeric.";
+ } elseif ($post['listenport'] < 1 || $post['listenport'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Listen Port'.";
+ }
}
if ($post['refreshactchecks'] != '') {
- if (!preg_match("/^\d+$/", $post['refreshactchecks'])) {
- $input_errors[]='Refresh Active Checks is not numeric.';
- } elseif ( $post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600 ) {
- $input_errors[]='You must enter a valid value for \'Refresh Active Checks\'';
+ if (!is_numericint($post['refreshactchecks'])) {
+ $input_errors[] = "'Refresh Active Checks' value is not numeric.";
+ } elseif ($post['refreshactchecks'] < 60 || $post['refreshactchecks'] > 3600) {
+ $input_errors[] = "You must enter a valid value for 'Refresh Active Checks'.";
}
}
if ($post['timeout'] != '') {
if (!is_numericint($post['timeout'])) {
- $input_errors[]='Timeout is not numeric.';
- } elseif ( $post['timeout'] < 1 || $post['timeout'] > 30 ) {
- $input_errors[]='You must enter a valid value for \'Timeout\'';
+ $input_errors[] = "Timeout value is not numeric.";
+ } elseif ($post['timeout'] < 1 || $post['timeout'] > 30) {
+ $input_errors[] = "You must enter a valid value for 'Timeout'.";
}
}
-
+
if ($post['buffersend'] != '') {
if (!is_numericint($post['buffersend'])) {
- $input_errors[]='Buffer Send is not numeric.';
- } elseif ( $post['buffersend'] < 1 || $post['buffersend'] > 3600 ) {
- $input_errors[]='You must enter a valid value for \'Buffer Send\'';
+ $input_errors[] = "'Buffer Send' value is not numeric.";
+ } elseif ($post['buffersend'] < 1 || $post['buffersend'] > 3600) {
+ $input_errors[] = "You must enter a valid value for 'Buffer Send'.";
}
}
-
+
if ($post['buffersize'] != '') {
if (!is_numericint($post['buffersize'])) {
- $input_errors[]='Bufer Size is not numeric.';
- } elseif ( $post['buffersize'] < 2 || $post['buffersize'] > 65535 ) {
- $input_errors[]='You must enter a valid value for \'Buffer Size\'';
+ $input_errors[] = "'Buffer Size' value is not numeric.";
+ } elseif ($post['buffersize'] < 2 || $post['buffersize'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Buffer Size'.";
}
}
-
+
if ($post['startagents'] != '') {
if (!is_numericint($post['startagents'])) {
- $input_errors[]='Start Agents is not numeric.';
- } elseif ( $post['startagents'] < 0 || $post['startagents'] > 100 ) {
- $input_errors[]='You must enter a valid value for \'Start Agents\'';
+ $input_errors[] = "'Start Agents' value is not numeric.";
+ } elseif ($post['startagents'] < 0 || $post['startagents'] > 100) {
+ $input_errors[] = "You must enter a valid value for 'Start Agents'.";
}
}
- }
+ }
}
-function sync_package_zabbix_agent_lts(){
+function sync_package_zabbix_agent_lts() {
global $config, $g;
conf_mount_rw();
- /* check zabbix agent settings*/
- if (is_array($config['installedpackages']['zabbixagentlts'])){
+ // Check Zabbix Agent settings
+ if (is_array($config['installedpackages']['zabbixagentlts'])) {
$zbagent_config = $config['installedpackages']['zabbixagentlts']['config'][0];
- if ($zbagent_config['agentenabled']=="on"){
- $RefreshActChecks=(preg_match("/(\d+)/",$zbagent_config['refreshactchecks'],$matches)? $matches[1] : "120");
- $BufferSend=(preg_match("/(\d+)/",$zbagent_config['buffersend'],$matches)? $matches[1] : "5" );
- $BufferSize=(preg_match("/(\d+)/",$zbagent_config['buffersize'],$matches)? $matches[1] : "100");
- $StartAgents=(preg_match("/(\d+)/",$zbagent_config['startagents'],$matches)? $matches[1] :"3" );
- $UserParams=base64_decode($zbagent_config['userparams']);
- $ListenIp=($zbagent_config['listenip'] != ''? $zbagent_config['listenip'] : "0.0.0.0");
- $ListenPort=($zbagent_config['listenport'] != ''? $zbagent_config['listenport'] : "10050");
- $TimeOut=($zbagent_config['timeout'] != ''? $zbagent_config['timeout'] : "3");
-
+ if ($zbagent_config['agentenabled'] == "on") {
+ $RefreshActChecks = (preg_match("/(\d+)/", $zbagent_config['refreshactchecks'], $matches)? $matches[1] : "120");
+ $BufferSend = (preg_match("/(\d+)/", $zbagent_config['buffersend'], $matches) ? $matches[1] : "5");
+ $BufferSize = (preg_match("/(\d+)/", $zbagent_config['buffersize'], $matches) ? $matches[1] : "100");
+ $StartAgents = (preg_match("/(\d+)/", $zbagent_config['startagents'], $matches) ? $matches[1] : "3");
+ $UserParams = base64_decode($zbagent_config['userparams']);
+ $ListenIp = $zbagent_config['listenip'] ?: "0.0.0.0";
+ $ListenPort = $zbagent_config['listenport'] ?: "10050";
+ $TimeOut = $zbagent_config['timeout'] ?: "3";
+
$zbagent_conf_file = <<< EOF
Server={$zbagent_config['server']}
ServerActive={$zbagent_config['serveractive']}
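Review bot: The `listenip` fallback in validate_input_zabbix_agent_lts still uses an unanchored pattern with unescaped dots, `preg_match("/(127.0.0.1|0.0.0.0)/", ...)`, so any string that merely contains something shaped like those addresses passes validation. Anchoring and escaping closes that: `preg_match("/^(127\.0\.0\.1|0\.0\.0\.0)$/", $post['listenip'])`. The `/\w+/` checks on `server` and `hostname` are similarly loose: they accept any value holding one word character, including one that carries a line break, and `server` is interpolated verbatim into the heredoc at the end of this hunk. Rejecting control characters first (`if (preg_match("/[\r\n]/", $post['server'])) { $input_errors[] = ...; }`) keeps a field from adding extra directives to zabbix_agentd.conf. The same `/\w+/` checks appear in validate_input_zabbix_proxy_lts in zabbix-proxy-lts.inc, and sync_package_zabbix_agent_lts continues outside this hunk.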
@@ -172,33 +156,35 @@ StartAgents={$StartAgents}
{$UserParams}
EOF;
- file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
+ file_put_contents(ZABBIX_AGENT_BASE . "/etc/zabbix22/zabbix_agentd.conf", strtr($zbagent_conf_file, array("\r" => "")));
}
}
+
$want_sysctls = array(
'kern.ipc.shmall' => '2097152',
'kern.ipc.shmmax' => '2147483648',
'kern.ipc.semmsl' => '250'
);
$sysctls = array();
- #check sysctl file values
+ // Check sysctl file values
$sc_file="";
if (file_exists("/etc/sysctl.conf")) {
$sc = file("/etc/sysctl.conf");
foreach ($sc as $line) {
list($sysk, $sysv) = explode("=", $line, 2);
- if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls))
- $sc_file.=$line;
+ if (preg_match("/\w/", $line) && !array_key_exists($sysk, $want_sysctls)) {
+ $sc_file .= $line;
}
+ }
}
- foreach ($want_sysctls as $ws=> $wv) {
+ foreach ($want_sysctls as $ws => $wv) {
$sc_file .= "{$ws}={$wv}\n";
- exec("/sbin/sysctl {$ws}={$wv}");
+ mwexec("/sbin/sysctl {$ws}={$wv}");
}
file_put_contents("/etc/sysctl.conf", $sc_file);
- #check bootloader values
- $lt_file="";
+ // Check bootloader values
+ $lt_file = "";
$want_tunables = array(
'kern.ipc.semopm' => '100',
'kern.ipc.semmni' => '128',
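Review bot: The `/etc/sysctl.conf` rewrite compares the untrimmed left side of `explode("=", $line, 2)` against `$want_sysctls`, so an existing entry written with spaces around `=` is kept and a second, conflicting line is appended; a line with no `=` also raises an undefined-offset notice in `list()`. `list($sysk, $sysv) = array_pad(array_map('trim', explode("=", $line, 2)), 2, '');` handles both cases. The return value of `file_put_contents("/etc/sysctl.conf", $sc_file)` is not checked and the write is not atomic, so a failed write can leave the system file truncated; writing to a temporary file in the same directory and `rename()`-ing it into place avoids that. The `/boot/loader.conf` loop in the next hunk and the matching hunks in zabbix-proxy-lts.inc follow the same pattern. The enclosing function starts and ends outside this hunk.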
@@ -210,61 +196,62 @@ EOF;
$lt = file("/boot/loader.conf");
foreach ($lt as $line) {
list($tunable, $val) = explode("=", $line, 2);
- if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables))
- $lt_file.=$line;
+ if (preg_match("/\w/", $line) && !array_key_exists($tunable, $want_tunables)) {
+ $lt_file .= $line;
+ }
}
}
foreach ($want_tunables as $wt => $wv) {
- $lt_file.= "{$wt}={$wv}\n";
+ $lt_file .= "{$wt}={$wv}\n";
}
file_put_contents("/boot/loader.conf", $lt_file);
- /*check startup script files*/
- /* create a few directories and ensure the sample files are in place */
- if (!is_dir(ZABBIX_AGENT_BASE . "/etc/zabbix22"))
- exec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/zabbix22");
-
- $dir_checks = <<< EOF
-if [ ! -d /var/log/zabbix-agent-lts ]
- then
- /bin/mkdir -p /var/log/zabbix-agent-lts
- /usr/sbin/chmod 755 /var/log/zabbix-agent-lts
- fi
-/usr/sbin/chown -R zabbix:zabbix /var/log/zabbix-agent-lts
-
-if [ ! -d /var/run/zabbix-agent-lts ]
- then
- /bin/mkdir -p /var/run/zabbix-agent-lts
- /usr/sbin/chmod 755 /var/run/zabbix-agent-lts
- fi
-/usr/sbin/chown -R zabbix:zabbix /var/run/zabbix-agent-lts
+ // Check startup script files
+ // Create a few directories and ensure the sample files are in place
+ if (!is_dir(ZABBIX_AGENT_BASE . "/etc/zabbix22")) {
+ mwexec("/bin/mkdir -p " . ZABBIX_AGENT_BASE . "/etc/zabbix22");
+ }
+
+ $dir_checks = <<< EOF
+
+ if [ ! -d /var/log/zabbix-agent-lts ]; then
+ /bin/mkdir -p /var/log/zabbix-agent-lts
+ /usr/sbin/chmod 755 /var/log/zabbix-agent-lts
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/log/zabbix-agent-lts
+
+ if [ ! -d /var/run/zabbix-agent-lts ]; then
+ /bin/mkdir -p /var/run/zabbix-agent-lts
+ /usr/sbin/chmod 755 /var/run/zabbix-agent-lts
+ fi
+ /usr/sbin/chown -R zabbix:zabbix /var/run/zabbix-agent-lts
EOF;
-
- $zagent_rcfile="/usr/local/etc/rc.d/zabbix_agentd_lts.sh";
- if (is_array($zbagent_config) && $zbagent_config['agentenabled']=="on"){
+
+ $zagent_rcfile = "/usr/local/etc/rc.d/zabbix_agentd_lts.sh";
+ if (is_array($zbagent_config) && $zbagent_config['agentenabled'] == "on") {
$zagent_start .= strtr($dir_checks, array("\r" => "")). "\necho \"Starting Zabbix Agent LTS...\"\n";
$zagent_start .= ZABBIX_AGENT_BASE . "/sbin/zabbix_agentd\n";
-
- $zagent_stop = "echo \"Stopping Zabbix Agent LTS...\"\n";
+
+ $zagent_stop = "echo \"Stopping Zabbix Agent LTS...\"\n";
$zagent_stop .= "/usr/bin/killall zabbix_agentd\n";
$zagent_stop .= "/bin/sleep 5\n";
-
- /* write out rc.d start/stop file */
+
+ // write out rc.d start/stop file
write_rcfile(array(
- "file" => "zabbix_agentd_lts.sh",
- "start" => "$zagent_start",
- "stop" => "$zagent_stop"
- )
+ "file" => "zabbix_agentd_lts.sh",
+ "start" => "$zagent_start",
+ "stop" => "$zagent_stop"
+ )
);
- mwexec("{$zagent_rcfile} restart");
- }else{
- if (file_exists($zagent_rcfile)){
- mwexec("{$zagent_rcfile} stop");
- unlink($zagent_rcfile);
+ restart_service("zabbix_agentd_lts");
+ } else {
+ if (is_service_running("zabbix_agentd_lts")) {
+ stop_service("zabbix_agentd_lts");
}
+ unlink_if_exists($zagent_rcfile);
}
-
+
conf_mount_ro();
}
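Review bot: `$zagent_start .= strtr($dir_checks, ...)` appends to a variable that nothing in the visible lines initialises, which raises a notice and would silently prepend earlier content if any is ever introduced above it; the first statement should assign, `$zagent_start = strtr($dir_checks, array("\r" => "")) . "\necho \"Starting Zabbix Agent LTS...\"\n";`. The generated start script also calls `/usr/sbin/chmod`, whereas stock FreeBSD installs chmod as `/bin/chmod`, so those two lines probably fail and the directory mode is left to `mkdir -p` and the umask; worth confirming on a pfSense system. The function begins outside this hunk.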
diff --git a/config/zabbix-agent-lts/zabbix-agent-lts.xml b/config/zabbix-agent-lts/zabbix-agent-lts.xml
index c58ac04c..8883ff22 100644
--- a/config/zabbix-agent-lts/zabbix-agent-lts.xml
+++ b/config/zabbix-agent-lts/zabbix-agent-lts.xml
@@ -1,54 +1,57 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
-<copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- zabbix-agent-lts.xml
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
- Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ zabbix-agent-lts.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
<name>zabbixagentlts</name>
<title>Services: Zabbix Agent LTS</title>
<category>Monitoring</category>
- <version>0.8.5</version>
+ <version>0.8.6</version>
<include_file>/usr/local/pkg/zabbix-agent-lts.inc</include_file>
<addedit_string>Zabbix Agent LTS has been created/modified.</addedit_string>
<delete_string>Zabbix Agent LTS has been deleted.</delete_string>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/zabbix-agent-lts/zabbix-agent-lts.inc</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<menu>
<name>Zabbix Agent LTS</name>
@@ -60,7 +63,7 @@
<name>zabbix_agentd_lts</name>
<rcfile>zabbix_agentd_lts.sh</rcfile>
<executable>zabbix_agentd</executable>
- <description>Zabbix Agent LTS host monitor daemon</description>
+ <description>Zabbix Agent LTS Host Monitor Daemon</description>
</service>
<tabs>
<tab>
@@ -69,6 +72,7 @@
<active />
</tab>
</tabs>
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
<name>Zabbix Agent LTS Settings</name>
@@ -77,27 +81,27 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>agentenabled</fieldname>
- <description>Enable Zabbix Agent LTS service</description>
+ <description>Enable Zabbix Agent LTS service.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Server</fielddescr>
<fieldname>server</fieldname>
- <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers.</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Server Active</fielddescr>
<fieldname>serveractive</fieldname>
- <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks</description>
+ <description>List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.</description>
<type>input</type>
<size>60</size>
</field>
<field>
<fielddescr>Hostname</fielddescr>
<fieldname>hostname</fieldname>
- <description>Unique hostname. Required for active checks and must match hostname as configured on the Zabbix server (case sensitive).</description>
+ <description>Unique, case sensitive hostname. Required for active checks and must match hostname as configured on the Zabbix server.</description>
<type>input</type>
<size>60</size>
</field>
@@ -107,7 +111,7 @@
<default_value>0.0.0.0</default_value>
<type>input</type>
<size>60</size>
- <description>Listen IP for connections from the server (default 0.0.0.0 for all interfaces)</description>
+ <description>Listen IP for connections from the server. (Default: 0.0.0.0 - all interfaces)</description>
</field>
<field>
<fielddescr>Listen Port</fielddescr>
@@ -115,7 +119,7 @@
<default_value>10050</default_value>
<type>input</type>
<size>5</size>
- <description>Listen port for connections from the server (default 10050)</description>
+ <description>Listen port for connections from the server. (Default: 10050)</description>
</field>
<field>
<fielddescr>Refresh Active Checks</fielddescr>
@@ -123,7 +127,7 @@
<default_value>120</default_value>
<type>input</type>
<size>5</size>
- <description>The agent will refresh list of active checks once per 120 (default) seconds.</description>
+ <description>The agent will refresh list of active checks once per this number of seconds. (Default: 120)</description>
</field>
<field>
<fielddescr>Timeout</fielddescr>
@@ -131,7 +135,13 @@
<default_value>3</default_value>
<type>input</type>
<size>5</size>
- <description>Timeout (default 3). Do not spend more that Timeout seconds on getting requested value (1-30). The agent does not kill timeouted User Parameters processes!</description>
+ <description>
+ <![CDATA[
+ Do not spend more that N seconds on getting requested value.<br />
+ Note: The agent does not kill timeouted User Parameters processes!<br />
+ (Default: 3. Valid range: 1-30)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Buffer Send</fielddescr>
@@ -139,7 +149,12 @@
<default_value>5</default_value>
<type>input</type>
<size>5</size>
- <description>Buffer Send (default 5). Do not keep data longer than N seconds in buffer (1-3600).</description>
+ <description>
+ <![CDATA[
+ Do not keep data longer than N seconds in buffer.<br />
+ (Default: 5. Valid range: 1-3600)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Buffer Size</fielddescr>
@@ -147,7 +162,12 @@
<default_value>100</default_value>
<type>input</type>
<size>5</size>
- <description>Buffer Size (default 100). Maximum number of values in a memory buffer (2-65535). The agent will send all collected data to Zabbix server or proxy if the buffer is full.</description>
+ <description>
+ <![CDATA[
+ Maximum number of values in the memory buffer. The agent will send all collected data to Zabbix server or proxy if the buffer is full.<br />
+ (Default: 100. Valid range: 2-65535)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>Start Agents</fielddescr>
@@ -155,7 +175,13 @@
<default_value>3</default_value>
<type>input</type>
<size>5</size>
- <description>Start Agents (default 3). Number of pre-forked instances of zabbix_agentd that process passive checks (0-100).If set to 0, disables passive checks and the agent will not listen on any TCP port.</description>
+ <description>
+ <![CDATA[
+ Number of pre-forked instances of zabbix_agentd that process passive checks.<br />
+ Note: Setting to 0 disables passive checks and the agent will not listen on any TCP port.<br />
+ (Default: 3. Valid range: 0-100)
+ ]]>
+ </description>
</field>
<field>
<fielddescr>User Parameters</fielddescr>
@@ -164,15 +190,25 @@
<type>textarea</type>
<rows>5</rows>
<cols>50</cols>
- <description>User-defined parameter to monitor. There can be several user-defined parameters. Value has form, example: UserParameter=users,who|wc -l</description>
+ <description>
+ <![CDATA[
+ User-defined parameter(s) to monitor. There can be multiple user-defined parameters.<br />
+ Example: <em>UserParameter=users,who|wc -l</em>
+ ]]>
+ </description>
+ <advancedfield/>
</field>
</fields>
- <custom_php_install_command>sync_package_zabbix_agent_lts();</custom_php_install_command>
- <custom_php_command_before_form></custom_php_command_before_form>
- <custom_php_after_head_command></custom_php_after_head_command>
- <custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>validate_input_zabbix_agent_lts($_POST, $input_errors);</custom_php_validation_command>
- <custom_add_php_command></custom_add_php_command>
- <custom_php_resync_config_command>sync_package_zabbix_agent_lts();</custom_php_resync_config_command>
- <custom_php_deinstall_command>php_deinstall_zabbix_agent_lts();</custom_php_deinstall_command>
+ <custom_php_install_command>
+ sync_package_zabbix_agent_lts();
+ </custom_php_install_command>
+ <custom_php_validation_command>
+ validate_input_zabbix_agent_lts($_POST, $input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_zabbix_agent_lts();
+ </custom_php_resync_config_command>
+ <custom_php_deinstall_command>
+ php_deinstall_zabbix_agent_lts();
+ </custom_php_deinstall_command>
</packagegui>
diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.inc b/config/zabbix-proxy-lts/zabbix-proxy-lts.inc
index bc9864f4..39ef4f2b 100644
--- a/config/zabbix-proxy-lts/zabbix-proxy-lts.inc
+++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.inc
@@ -1,110 +1,95 @@
<?php
-/* $Id$ */
-/* ========================================================================== */
/*
- zabbix-proxy-lts.inc
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
- Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
-/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
-
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ zabbix-proxy-lts.inc
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
require_once("util.inc");
require_once("functions.inc");
require_once("pkg-utils.inc");
require_once("globals.inc");
-$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
+$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3);
if ($pf_version == "2.1" || $pf_version == "2.2") {
define('ZABBIX_PROXY_BASE', '/usr/pbi/zabbix22-proxy-' . php_uname("m"));
} else {
define('ZABBIX_PROXY_BASE', '/usr/local');
}
-function php_install_zabbix_proxy_lts(){
- sync_package_zabbix_proxy_lts();
-}
-
-function php_deinstall_zabbix_proxy_lts(){
- global $config, $g;
-
- conf_mount_rw();
-
- exec("/usr/bin/killall zabbix_proxy");
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/rc.d/zabbix_proxy_lts.sh");
- unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy_lts.conf");
- unlink_if_exists("/var/log/zabbix-proxy-lts/zabbix_proxy_lts.log");
- unlink_if_exists("/var/run/zabbix-proxy-lts/zabbix_proxy_lts.pid");
+function php_deinstall_zabbix_proxy_lts() {
+ unlink_if_exists(ZABBIX_PROXY_BASE . "/etc/zabbix22/zabbix_proxy_lts.conf");
+ unlink_if_exists("/var/log/zabbix-proxy-lts/zabbix_proxy_lts.log");
+ unlink_if_exists("/var/run/zabbix-proxy-lts/zabbix_proxy_lts.pid");
if (is_dir("/var/log/zabbix-proxy-lts")) {
- exec("/bin/rm -r /var/log/zabbix-proxy-lts/");
+ mwexec("/bin/rm -rf /var/log/zabbix-proxy-lts/");
}
if (is_dir("/var/run/zabbix-proxy-lts")) {
- exec("/bin/rm -r /var/run/zabbix-proxy-lts/");
+ mwexec("/bin/rm -rf /var/run/zabbix-proxy-lts/");
}
- if (is_dir("/var/db/zabbix-proxy-lts")) {
- exec("/bin/rm -r /var/db/zabbix-proxy-lts/");
+ if (is_dir("/var/db/zabbix-proxy-lts")) {
+ mwexec("/bin/rm -rf /var/db/zabbix-proxy-lts/");
}
-
- conf_mount_ro();
}
-function validate_input_zabbix_proxy_lts($post, &$input_errors){
- if (isset($post['proxyenabled'])) {
+function validate_input_zabbix_proxy_lts($post, &$input_errors) {
+ if (isset($post['proxyenabled'])) {
if (!preg_match("/\w+/", $post['server'])) {
- $input_errors[]='Server field is required.';
+ $input_errors[] = "Server field is required.";
}
if (!is_numericint($post['serverport'])) {
- $input_errors[]='Server Port is not numeric.'.$ServerPort;
+ $input_errors[] = "'Server Port' value is not numeric.";
+ } elseif ($post['serverport'] < 1 || $post['serverport'] > 65535) {
+ $input_errors[] = "You must enter a valid value for 'Server Port'.";
}
if (!preg_match("/\w+/", $post['hostname'])) {
- $input_errors[]='Hostname field is required.';
+ $input_errors[] = "Hostname field is required.";
}
if (!is_numericint($post['configfrequency'])) {
- $input_errors[]='Config Frequency is not numeric.';
+ $input_errors[] = "'Config Frequency' value is not numeric.";
}
}
}
-function sync_package_zabbix_proxy_lts(){
+function sync_package_zabbix_proxy_lts() {
global $config, $g;
conf_mount_rw();
- #check zabbix proxy config
- if (is_array($config['installedpackages']['zabbixproxylts'])){
+ // Check zabbix proxy config
+ if (is_array($config['installedpackages']['zabbixproxylts'])) {
$zbproxy_config = $config['installedpackages']['zabbixproxylts']['config'][0];
- if ($zbproxy_config['proxyenabled']=="on"){
- $Mode=(is_numericint($zbproxy_config['proxymode'])?$zbproxy_config['proxymode'] : 0);
- $AdvancedParams=base64_decode($zbproxy_config['advancedparams']);
-
+ if ($zbproxy_config['proxyenabled'] == "on") {
+ $Mode = (is_numericint($zbproxy_config['proxymode']) ? $zbproxy_config['proxymode'] : 0);
+ $AdvancedParams = base64_decode($zbproxy_config['advancedparams']);
+
$zbproxy_conf_file = <<< EOF
Server={$zbproxy_config['server']}
ServerPort={$zbproxy_config['serverport']}
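Review bot: `configfrequency` is still only checked with `is_numericint()`, although this commit adds a range check for `serverport` and the value ends up in the proxy configuration (the `ConfigFrequency=` line visible in the next hunk). Zabbix bounds this setting (1-604800 as far as I recall for the 2.2 proxy; confirm against the shipped sample config). An `elseif ($post['configfrequency'] < 1 || $post['configfrequency'] > 604800)` branch with the same error wording as the other fields would reject an out-of-range value in the GUI instead of at daemon start. sync_package_zabbix_proxy_lts continues outside this hunk.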
@@ -114,7 +99,8 @@ DBName=/var/db/zabbix-proxy-lts/proxy.db
LogFile=/var/log/zabbix-proxy-lts/zabbix_proxy_lts.log
ConfigFrequency={$zbproxy_config['configfrequency']}
FpingLocation=/usr/local/sbin/fping
-#there's currently no fping6 (IPv6) dependency in the package, but if there was, the binary would likely also be in /usr/local/sbin
+# There's currently no fping6 (IPv6) dependency in the package,
+# but if there was, the binary would likely also be in /usr/local/sbin.
Fping6Location=/usr/local/sbin/fping6
ProxyMode={$Mode}
{$AdvancedParams}
@@ -130,24 +116,25 @@ EOF;
'kern.ipc.semmsl' => '250'
);
$sysctls = array();
- #check sysctl file values
+ // Check sysctl file values
$sc_file="";
if (file_exists("/etc/sysctl.conf")) {
$sc = file("/etc/sysctl.conf");
foreach ($sc as $line) {
list($sysk, $sysv) = explode("=", $line, 2);
- if (preg_match("/\w/",$line) && !array_key_exists($sysk, $want_sysctls))
- $sc_file.=$line;
+ if (preg_match("/\w/", $line) && !array_key_exists($sysk, $want_sysctls)) {
+ $sc_file .= $line;
}
+ }
}
- foreach ($want_sysctls as $ws=> $wv) {
+ foreach ($want_sysctls as $ws => $wv) {
$sc_file .= "{$ws}={$wv}\n";
- exec("/sbin/sysctl {$ws}={$wv}");
+ mwexec("/sbin/sysctl {$ws}={$wv}");
}
file_put_contents("/etc/sysctl.conf", $sc_file);
- #check bootloader values
- $lt_file="";
+ // Check bootloader values
+ $lt_file = "";
$want_tunables = array(
'kern.ipc.semopm' => '100',
'kern.ipc.semmni' => '128',
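Review bot: `file_put_contents("/etc/sysctl.conf", $sc_file)` rewrites a system file in place and ignores the return value, and the `/boot/loader.conf` write in the following hunk does the same. An interrupted or failed write leaves the file truncated with no log entry, which for the loader file only shows up at the next boot. Writing to a temporary file in the same directory, renaming it over the target and logging a failure would avoid that, as sketched below. The key test also compares an untrimmed `$sysk`, so a line written as `kern.ipc.semmsl = 250` is kept as a duplicate; `$sysk = trim($sysk);` before `array_key_exists()` covers it. The function body starts and ends outside this hunk.

```php
// … unchanged: building $sc_file from the existing lines and $want_sysctls …
$sc_tmp = "/etc/sysctl.conf.tmp";
if (file_put_contents($sc_tmp, $sc_file) === false || !rename($sc_tmp, "/etc/sysctl.conf")) {
	log_error("zabbix-proxy-lts: could not update /etc/sysctl.conf");
	@unlink($sc_tmp);
}
// … unchanged: $want_tunables and the /boot/loader.conf pass (same pattern applies) …
```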
@@ -159,21 +146,23 @@ EOF;
$lt = file("/boot/loader.conf");
foreach ($lt as $line) {
list($tunable, $val) = explode("=", $line, 2);
- if (preg_match("/\w/",$line) && !array_key_exists($tunable, $want_tunables))
- $lt_file.=$line;
+ if (preg_match("/\w/", $line) && !array_key_exists($tunable, $want_tunables)) {
+ $lt_file .= $line;
+ }
}
}
foreach ($want_tunables as $wt => $wv) {
- $lt_file.= "{$wt}={$wv}\n";
+ $lt_file .= "{$wt}={$wv}\n";
}
file_put_contents("/boot/loader.conf", $lt_file);
- /*check startup script files*/
- /* create a few directories and ensure the sample files are in place */
- if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22"))
- exec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22");
+ // Check startup script files
+ // Create a few directories and ensure the sample files are in place
+ if (!is_dir(ZABBIX_PROXY_BASE . "/etc/zabbix22")) {
+ mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22");
+ }
- $dir_checks = <<< EOF
+ $dir_checks = <<< EOF
if [ ! -d /var/log/zabbix-proxy-lts ]; then
/bin/mkdir -p /var/log/zabbix-proxy-lts
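Review bot: The config directory is still created by assembling a shell command, `mwexec("/bin/mkdir -p " . ZABBIX_PROXY_BASE . "/etc/zabbix22")`, with the path concatenated unquoted and the result unchecked. ZABBIX_PROXY_BASE is defined outside this hunk, so its value cannot be confirmed from here. PHP's own call needs no shell and reports failure directly: `mkdir(ZABBIX_PROXY_BASE . "/etc/zabbix22", 0755, true);`. The enclosing function continues outside the hunk.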
@@ -195,7 +184,7 @@ EOF;
EOF;
- $pid_check = <<< EOF
+ $pid_check = <<< EOF
/bin/pgrep -anx zabbix_proxy 2>/dev/null
if [ "\$?" -eq "0" ]; then
@@ -204,33 +193,33 @@ EOF;
fi
EOF;
-
- $zproxy_rcfile="/usr/local/etc/rc.d/zabbix_proxy_lts.sh";
- if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled']=="on"){
- $zproxy_start = strtr($dir_checks, array("\r" => ""));
+
+ $zproxy_rcfile = "/usr/local/etc/rc.d/zabbix_proxy_lts.sh";
+ if (is_array($zbproxy_config) && $zbproxy_config['proxyenabled'] == "on") {
+ $zproxy_start = strtr($dir_checks, array("\r" => ""));
$zproxy_start .= "\techo \"Starting Zabbix Proxy LTS\"...\n";
$zproxy_start .= "\t" . ZABBIX_PROXY_BASE . "/sbin/zabbix_proxy\n";
-
- $zproxy_stop = "echo \"Stopping Zabbix Proxy LTS\"\n";
+
+ $zproxy_stop = "echo \"Stopping Zabbix Proxy LTS\"\n";
$zproxy_stop .= "\t/usr/bin/killall zabbix_proxy\n";
$zproxy_stop .= "\t/bin/sleep 5\n";
$zproxy_stop .= strtr($pid_check, array("\r" => ""));
- /* write out rc.d start/stop file */
+ // write out rc.d start/stop file
write_rcfile(array(
"file" => "zabbix_proxy_lts.sh",
"start" => $zproxy_start,
"stop" => $zproxy_stop
)
);
- mwexec("{$zproxy_rcfile} restart");
- }else{
- if (file_exists($zproxy_rcfile)){
- mwexec("{$zproxy_rcfile} stop");
- unlink($zproxy_rcfile);
+ restart_service("zabbix_proxy_lts");
+ } else {
+ if (is_service_running("zabbix_proxy_lts")) {
+ stop_service("zabbix_proxy_lts");
}
+ unlink_if_exists($zproxy_rcfile);
}
-
+
conf_mount_ro();
}
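Review bot: The stop script assembled here still ends the daemon with `/usr/bin/killall zabbix_proxy`, which signals every process of that name rather than the instance this package started. If another Zabbix proxy build runs on the same system (not visible from this hunk), stopping or disabling the LTS service would take it down as well. Stopping by PID file is narrower, e.g. `$zproxy_stop .= "\t/bin/pkill -F <PID_FILE_FROM_PROXY_CONFIG>\n";` with the path the generated config actually uses. The new `is_service_running("zabbix_proxy_lts")` check presumably has the same ambiguity, since the service entry names `zabbix_proxy` as its executable.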
diff --git a/config/zabbix-proxy-lts/zabbix-proxy-lts.xml b/config/zabbix-proxy-lts/zabbix-proxy-lts.xml
index 15111aa5..27092e59 100644
--- a/config/zabbix-proxy-lts/zabbix-proxy-lts.xml
+++ b/config/zabbix-proxy-lts/zabbix-proxy-lts.xml
@@ -1,54 +1,57 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
<packagegui>
-<copyright>
+ <copyright>
<![CDATA[
/* $Id$ */
-/* ========================================================================== */
+/* ====================================================================================== */
/*
- zabbix-proxy-lts.xml
- part of the Zabbix package for pfSense
- Copyright (C) 2013 Danilo G. Baio
- Copyright (C) 2013 Marcello Coutinho
-
- All rights reserved.
- */
-/* ========================================================================== */
+ zabbix-proxy-lts.xml
+ part of pfSense (https://www.pfSense.org/)
+ Copyright (C) 2013 Danilo G. Baio
+ Copyright (C) 2013 Marcello Coutinho
+ Copyright (C) 2015 ESF, LLC
+ All rights reserved.
+*/
+/* ====================================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
-/* ========================================================================== */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+/* ====================================================================================== */
]]>
</copyright>
<name>zabbixproxylts</name>
<title>Services: Zabbix Proxy LTS</title>
<category>Monitoring</category>
- <version>0.8.5</version>
+ <version>0.8.6</version>
<include_file>/usr/local/pkg/zabbix-proxy-lts.inc</include_file>
<addedit_string>Zabbix Proxy has been created/modified.</addedit_string>
<delete_string>Zabbix Proxy has been deleted.</delete_string>
<additional_files_needed>
<item>https://packages.pfsense.org/packages/config/zabbix-proxy-lts/zabbix-proxy-lts.inc</item>
<prefix>/usr/local/pkg/</prefix>
- <chmod>0755</chmod>
</additional_files_needed>
<menu>
<name>Zabbix Proxy LTS</name>
@@ -60,7 +63,7 @@
<name>zabbix_proxy_lts</name>
<rcfile>zabbix_proxy_lts.sh</rcfile>
<executable>zabbix_proxy</executable>
- <description>Zabbix Proxy LTS collection daemon</description>
+ <description>Zabbix Proxy LTS Collection Daemon</description>
</service>
<tabs>
<tab>
@@ -69,6 +72,7 @@
<active />
</tab>
</tabs>
+ <advanced_options>enabled</advanced_options>
<fields>
<field>
<name>Zabbix Proxy LTS Settings</name>
@@ -77,31 +81,31 @@
<field>
<fielddescr>Enable</fielddescr>
<fieldname>proxyenabled</fieldname>
- <description>Enable Zabbix Proxy LTS service</description>
+ <description>Enable Zabbix Proxy LTS service.</description>
<type>checkbox</type>
</field>
<field>
<fielddescr>Server</fielddescr>
<fieldname>server</fieldname>
- <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers</description>
+ <description>List of comma delimited IP addresses (or hostnames) of ZABBIX servers.</description>
<default_value>127.0.0.1</default_value>
<type>input</type>
<size>60</size>
<required>true</required>
</field>
<field>
- <fielddescr>Server Port</fielddescr>
- <fieldname>serverport</fieldname>
- <description>Port of Zabbix trapper on Zabbix server. default value 10051</description>
- <default_value>10051</default_value>
- <type>input</type>
- <size>6</size>
- <required>true</required>
+ <fielddescr>Server Port</fielddescr>
+ <fieldname>serverport</fieldname>
+ <description>Port of Zabbix trapper on Zabbix server. (Default: 10051)</description>
+ <default_value>10051</default_value>
+ <type>input</type>
+ <size>6</size>
+ <required>true</required>
</field>
<field>
<fielddescr>Hostname</fielddescr>
<fieldname>hostname</fieldname>
- <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server</description>
+ <description>Unique, case-sensitive proxy name. Make sure the proxy name is known to the server.</description>
<default_value>localhost</default_value>
<type>input</type>
<size>50</size>
@@ -110,7 +114,7 @@
<field>
<fielddescr>Proxy Mode</fielddescr>
<fieldname>proxymode</fieldname>
- <description>Select Zabbix proxy mode (Active is default)</description>
+ <description>Select Zabbix proxy mode (Default: Active)</description>
<type>select</type>
<default_value>0</default_value>
<options>
@@ -135,15 +139,20 @@
<type>textarea</type>
<rows>5</rows>
<cols>50</cols>
- <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Value has form, example: StartDiscoverers=10</description>
+ <description>Advanced parameters. There are some rarely used parameters that sometimes need to be defined. Example: StartDiscoverers=10</description>
+ <advancedfield/>
</field>
</fields>
- <custom_php_install_command>sync_package_zabbix_proxy_lts();</custom_php_install_command>
- <custom_php_command_before_form></custom_php_command_before_form>
- <custom_php_after_head_command></custom_php_after_head_command>
- <custom_php_after_form_command></custom_php_after_form_command>
- <custom_php_validation_command>validate_input_zabbix_proxy_lts($_POST, $input_errors);</custom_php_validation_command>
- <custom_add_php_command></custom_add_php_command>
- <custom_php_resync_config_command>sync_package_zabbix_proxy_lts();</custom_php_resync_config_command>
- <custom_php_deinstall_command>php_deinstall_zabbix_proxy_lts();</custom_php_deinstall_command>
+ <custom_php_install_command>
+ sync_package_zabbix_proxy_lts();
+ </custom_php_install_command>
+ <custom_php_validation_command>
+ validate_input_zabbix_proxy_lts($_POST, $input_errors);
+ </custom_php_validation_command>
+ <custom_php_resync_config_command>
+ sync_package_zabbix_proxy_lts();
+ </custom_php_resync_config_command>
+ <custom_php_deinstall_command>
+ php_deinstall_zabbix_proxy_lts();
+ </custom_php_deinstall_command>
</packagegui>
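Review bot: The validation hook wired here, `validate_input_zabbix_proxy_lts($_POST, $input_errors)`, accepts multi-line values for Server and Hostname, because its `preg_match("/\w+/", …)` tests are unanchored and pass on any string containing one word character. The sync function writes `Server={$zbproxy_config['server']}` straight into the generated proxy configuration, so a value with an embedded line break adds extra directives to that file. The Advanced Parameters textarea this hunk marks `<advancedfield/>` is emitted as `{$AdvancedParams}` with no check at all. Anchoring the single-line fields closes the first case, e.g. `if (!preg_match('/^[\w.\-]+\z/', $post['hostname']))`, with the character class adjusted to what Zabbix accepts and widened for commas and IPv6 colons in the Server list. The validation function is in zabbix-proxy-lts.inc, outside this hunk.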
diff --git a/pkg_config.10.xml b/pkg_config.10.xml
index 0ecde95c..500cfebc 100644
--- a/pkg_config.10.xml
+++ b/pkg_config.10.xml
@@ -39,7 +39,7 @@
</descr>
<website>http://www.asterisk.org/</website>
<category>Services</category>
- <version>0.3.1</version>
+ <version>0.3.3</version>
<status>Beta</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/asterisk/asterisk.xml</config_file>
@@ -61,7 +61,7 @@
<descr>The most widely used name server software.</descr>
<website>http://www.isc.org/downloads/BIND/</website>
<category>Services</category>
- <version>0.3.9</version>
+ <version>0.4.1</version>
<status>RC</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file>
@@ -82,7 +82,7 @@
<category>File Management</category>
<pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file>
- <version>0.60.4</version>
+ <version>0.60.5</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>bscholer@cshl.edu</maintainer>
@@ -96,7 +96,7 @@
<category>Diagnostics</category>
<pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file>
- <version>0.2.0</version>
+ <version>0.2.2</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>tom@tomschaefer.org</maintainer>
@@ -117,7 +117,7 @@
<category>Firewall</category>
<pkginfolink>https://forum.pfsense.org/index.php?topic=86212.0</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file>
- <version>1.09</version>
+ <version>1.10</version>
<status>Stable</status>
<required_version>2.2</required_version>
<maintainer>BBCan177@gmail.com</maintainer>
@@ -143,7 +143,7 @@
</descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>0.28</version>
+ <version>0.31</version>
<status>Release</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy1_5/haproxy.xml</config_file>
@@ -171,7 +171,7 @@
</descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>0.28</version>
+ <version>0.31</version>
<status>Release</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file>
@@ -185,7 +185,7 @@
<custom_name>haproxy-devel</custom_name>
<port>net/haproxy-devel</port>
</build_pbi>
- <build_options>WITH_OPENSSL_PORT=yes;haproxy_UNSET_FORCE=DPCRE;haproxy_SET_FORCE=OPENSSL SPCRE LUA</build_options>
+ <build_options>WITH_OPENSSL_PORT=yes;net_haproxy-devel_UNSET_FORCE=DPCRE;net_haproxy-devel_SET_FORCE=OPENSSL SPCRE LUA</build_options>
</package>
<package>
<name>Apache with mod_security-dev</name>
@@ -227,7 +227,7 @@
<website>http://www.modsecurity.org/</website>
<descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr>
<category>Network Management</category>
- <version>0.1.7</version>
+ <version>0.1.8</version>
<status>ALPHA</status>
<required_version>2.2</required_version>
<maximum_version>2.2.999</maximum_version>
@@ -261,7 +261,7 @@
<ports_after>net/avahi-app devel/dbus</ports_after>
</build_pbi>
<depends_on_package_pbi>avahi-0.6.31-##ARCH##.pbi</depends_on_package_pbi>
- <version>1.10.0</version>
+ <version>1.10.3</version>
<status>BETA</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file>
@@ -279,7 +279,7 @@
<port>net/ntop</port>
</build_pbi>
<build_options>ntop_SET_FORCE=PCAP_PORT XMLDUMP MAKO;ntop_UNSET_FORCE=JUMBO_FRAMES;rrdtool_UNSET_FORCE=DEJAVU PERL_MODULE PYTHON_MODULE RUBY_MODULE;rrdtool_SET_FORCE=JSON MMAP NLS;graphviz_UNSET_FORCE=XPM DIGCOLA IPSEPCOLA PANGOCAIRO;graphviz_SET_FORCE=ICONV NLS;cairo_UNSET_FORCE=X11 XCB;libgd_UNSET_FORCE=FONTCONFIG XPM;libgd_SET_FORCE=ICONV;libpcap_UNSET_FORCE=DAG;libpcap_SET_FORCE=IPV6</build_options>
- <version>5.0.1_4 v2.3</version>
+ <version>2.3.1</version>
<status>BETA</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/ntop2/ntop.xml</config_file>
@@ -299,8 +299,8 @@
<ports_before>databases/redis databases/gdbm net/GeoIP x11-fonts/font-util x11-fonts/webfonts graphics/graphviz</ports_before>
<port>net/ntopng</port>
</build_pbi>
- <version>0.7.2</version>
- <status>ALPHA</status>
+ <version>0.8.1</version>
+ <status>BETA</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/ntopng/ntopng.xml</config_file>
<configurationfile>ntopng.xml</configurationfile>
@@ -312,7 +312,7 @@
<category>Status</category>
<pkginfolink/>
<config_file>https://packages.pfsense.org/packages/config/notes/notes.xml</config_file>
- <version>0.2.6</version>
+ <version>0.2.7</version>
<status>Alpha</status>
<required_version>2.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -325,7 +325,7 @@
<pkginfolink/>
<port_category>ftp</port_category>
<config_file>https://packages.pfsense.org/packages/config/tftp2/tftp.xml</config_file>
- <version>2.2</version>
+ <version>2.2.1</version>
<status>Stable</status>
<required_version>2.2</required_version>
<configurationfile>tftp.xml</configurationfile>
@@ -337,7 +337,7 @@
<category>Services</category>
<pkginfolink>https://doc.pfsense.org/index.php/PHPService</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/phpservice/phpservice.xml</config_file>
- <version>0.5.0</version>
+ <version>0.5.1</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -349,7 +349,7 @@
<descr>Tool to Backup and Restore files and directories.</descr>
<category>System</category>
<config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file>
- <version>0.1.9</version>
+ <version>0.2.1</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -360,7 +360,7 @@
<descr>The cron utility is used to manage commands on a schedule.</descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file>
- <version>0.3.0</version>
+ <version>0.3.2</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -373,7 +373,7 @@
<port_category>www</port_category>
<pkginfolink>https://doc.pfsense.org/index.php/vhosts</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/vhosts/vhosts.xml</config_file>
- <version>0.8.0</version>
+ <version>0.8.2</version>
<status>ALPHA</status>
<required_version>2.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -388,14 +388,14 @@
<category>Security</category>
<run_depends>bin/snort:security/snort</run_depends>
<port_category>security</port_category>
- <depends_on_package_pbi>snort-2.9.7.3-##ARCH##.pbi</depends_on_package_pbi>
+ <depends_on_package_pbi>snort-2.9.7.5-##ARCH##.pbi</depends_on_package_pbi>
<build_pbi>
<port>security/snort</port>
<ports_after>security/barnyard2</ports_after>
</build_pbi>
<build_options>barnyard2_UNSET_FORCE=ODBC PGSQL PRELUDE;barnyard2_SET_FORCE=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET_FORCE=BARNYARD PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET_FORCE=PULLEDPORK FILEINSPECT HA</build_options>
<config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file>
- <version>3.2.6</version>
+ <version>3.2.8</version>
<required_version>2.2</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
@@ -426,7 +426,7 @@
<category>Network Management</category>
<port_category>net</port_category>
<config_file>https://packages.pfsense.org/packages/config/routed/routed.xml</config_file>
- <version>1.2</version>
+ <version>1.2.1</version>
<status>Stable</status>
<required_version>2.2</required_version>
<configurationfile>routed.xml</configurationfile>
@@ -438,7 +438,7 @@
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/spamd/spamd.xml</config_file>
<depends_on_package_pbi>spamd-4.9.1_2-##ARCH##.pbi</depends_on_package_pbi>
- <version>1.1.3</version>
+ <version>1.1.5</version>
<status>Beta</status>
<required_version>2.2</required_version>
<port_category>mail</port_category>
@@ -467,7 +467,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,40622.0.html</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/postfix/postfix.xml</config_file>
<depends_on_package_pbi>postfix-2.11.3_2-##ARCH##.pbi</depends_on_package_pbi>
- <version>2.4.2</version>
+ <version>2.4.4</version>
<status>Release</status>
<required_version>2.2</required_version>
<configurationfile>postfix.xml</configurationfile>
@@ -546,7 +546,7 @@
<build_pbi>
<port>net/siproxd</port>
</build_pbi>
- <version>1.0.5</version>
+ <version>1.0.6</version>
<status>Beta</status>
<required_version>2.2</required_version>
<configurationfile>siproxd.xml</configurationfile>
@@ -566,7 +566,7 @@
<build_pbi>
<port>net/openbgpd</port>
</build_pbi>
- <version>0.9.3.4</version>
+ <version>0.9.3.7</version>
<status>STABLE</status>
<pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink>
<required_version>2.2</required_version>
@@ -606,7 +606,7 @@
<config_file>https://packages.pfsense.org/packages/config/sarg/sarg.xml</config_file>
<pkginfolink>https://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink>
<depends_on_package_pbi>sarg-2.3.9-##ARCH##.pbi</depends_on_package_pbi>
- <version>0.6.4</version>
+ <version>0.6.6</version>
<status>Release</status>
<required_version>2.2</required_version>
<port_category>www</port_category>
@@ -633,7 +633,7 @@
<config_file>https://packages.pfsense.org/packages/config/ipguard/ipguard.xml</config_file>
<pkginfolink>https://forum.pfsense.org/index.php/topic,49917.msg263664.html#msg263664</pkginfolink>
<depends_on_package_pbi>ipguard-1.04_2-##ARCH##.pbi</depends_on_package_pbi>
- <version>0.1</version>
+ <version>0.1.2</version>
<status>beta</status>
<required_version>2.2</required_version>
<configurationfile>ipguard.xml</configurationfile>
@@ -688,7 +688,7 @@
<build_pbi>
<port>net/vnstat</port>
</build_pbi>
- <version>1.12.5</version>
+ <version>1.12.7</version>
<status>Stable</status>
<required_version>2.2</required_version>
<maintainer>crazypark2@yahoo.dk</maintainer>
@@ -722,7 +722,7 @@
<descr>VMware Tools is a suite of utilities that enhances the performance of the virtual machine's guest operating system and improves management of the virtual machine.</descr>
<website>http://open-vm-tools.sourceforge.net/</website>
<category>Services</category>
- <version>1280544.11</version>
+ <version>1280544.12</version>
<status>Stable</status>
<pkginfolink>https://doc.pfsense.org/index.php/Open_VM_Tools_package</pkginfolink>
<required_version>2.2</required_version>
@@ -757,7 +757,7 @@
<descr>Broadcasts a who-has ARP packet on the network and prints answers.</descr>
<website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website>
<category>Services</category>
- <version>1.2</version>
+ <version>1.2.1</version>
<status>Stable</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file>
@@ -814,7 +814,7 @@
<descr>Network UPS Tools.</descr>
<website>http://www.networkupstools.org/</website>
<category>Network Management</category>
- <version>2.0.7</version>
+ <version>2.1.0</version>
<status>BETA</status>
<required_version>2.2</required_version>
<maintainer>rswagoner@gmail.com</maintainer>
@@ -832,7 +832,7 @@
<name>diag_new_states</name>
<descr>Paul Taylor's version of Diagnostics States which utilizes pftop.</descr>
<category>Network Management</category>
- <version>0.3</version>
+ <version>0.3.1</version>
<maintainer>ptaylor@addressplus.net</maintainer>
<required_version>2.2</required_version>
<status>BETA</status>
@@ -846,7 +846,7 @@
<descr>darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.</descr>
<category>Network Management</category>
<depends_on_package_pbi>darkstat-3.0.718-##ARCH##.pbi</depends_on_package_pbi>
- <version>3.1</version>
+ <version>3.1.1</version>
<status>Stable</status>
<required_version>2.2</required_version>
<maintainer>coreteam@pfsense.org</maintainer>
@@ -907,7 +907,7 @@
</descr>
<pkginfolink>https://doc.pfsense.org/index.php/FreeRADIUS_2.x_package</pkginfolink>
<category>System</category>
- <version>1.6.14</version>
+ <version>1.6.15</version>
<status>RC1</status>
<required_version>2.2</required_version>
<maintainer>nachtfalkeaw@web.de</maintainer>
@@ -929,7 +929,7 @@
<website>http://bandwidthd.sourceforge.net/</website>
<descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr>
<category>System</category>
- <version>0.6</version>
+ <version>0.6.3</version>
<status>BETA</status>
<required_version>2.2</required_version>
<depends_on_package_pbi>bandwidthd-2.0.1_6-##ARCH##.pbi</depends_on_package_pbi>
@@ -951,7 +951,7 @@
<descr>SSL encryption wrapper between remote client and local or remote servers.</descr>
<category>Network Management</category>
<depends_on_package_pbi>stunnel-5.20-##ARCH##.pbi</depends_on_package_pbi>
- <version>5.20</version>
+ <version>5.20.2</version>
<status>Stable</status>
<pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink>
<required_version>2.2</required_version>
@@ -1025,7 +1025,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9 pkg v.4.3.6</version>
+ <version>4.3.10</version>
<status>Stable</status>
<required_version>2.2</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1052,7 +1052,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>0.2.8</version>
+ <version>0.3.5</version>
<status>beta</status>
<required_version>2.2</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1096,7 +1096,7 @@
<descr>LCD display driver - development version.</descr>
<website>http://www.lcdproc.org/</website>
<category>Utility</category>
- <version>0.9.13</version>
+ <version>0.9.14</version>
<status>BETA</status>
<required_version>2.2</required_version>
<maintainer>michele@nt2.it</maintainer>
@@ -1123,7 +1123,7 @@
<build_pbi>
<port>net-mgmt/arpwatch</port>
</build_pbi>
- <version>1.1.3</version>
+ <version>1.1.5</version>
<status>ALPHA</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/arpwatch/arpwatch.xml</config_file>
@@ -1140,7 +1140,7 @@
<website>http://www.squidGuard.org/</website>
<maintainer>dv_serg@mail.ru</maintainer>
<category>Network Management</category>
- <version>1.9.14</version>
+ <version>1.9.15</version>
<status>Beta</status>
<required_version>2.2</required_version>
<depends_on_package_pbi>squidguard-1.4_7-##ARCH##.pbi</depends_on_package_pbi>
@@ -1160,7 +1160,7 @@
<website>http://www.squidGuard.org/</website>
<maintainer>gugabsd@mundounix.com.br</maintainer>
<category>Network Management</category>
- <version>1.5_1beta pkg v.1.5.6</version>
+ <version>1.5.7</version>
<status>Beta</status>
<required_version>2.2</required_version>
<depends_on_package_pbi>squidguard-devel-1.5_1-##ARCH##.pbi</depends_on_package_pbi>
@@ -1184,7 +1184,7 @@
<build_port_path>/usr/ports/archivers/zip</build_port_path>
<port_category>security</port_category>
<run_depends>share/openvpn/client-export/template/config-import:security/openvpn-client-export bin/zip:archivers/zip bin/7z:archivers/p7zip</run_depends>
- <version>1.2.19</version>
+ <version>1.2.20</version>
<status>RELEASE</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/openvpn-client-export/openvpn-client-export.xml</config_file>
@@ -1201,20 +1201,21 @@
<ports_after>security/clamav</ports_after>
</build_pbi>
<build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options>
- <version>0.91_3 pkg v1.05_1</version>
+ <version>1.10.0</version>
<status>BETA</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file>
<configurationfile>havp.xml</configurationfile>
<maintainer>dv_serg@mail.ru</maintainer>
<after_install_info>Please check the HAVP settings.</after_install_info>
+ <noembedded>true</noembedded>
<maximum_version>2.2.999</maximum_version>
</package>
<package>
<name>blinkled</name>
<descr>Allows you to use LEDs for monitoring network activity on supported platforms (ALIX, WRAP, Soekris, etc.)</descr>
<category>System</category>
- <version>0.4.5</version>
+ <version>0.4.6</version>
<status>Beta</status>
<maintainer>jimp@pfsense.org</maintainer>
<required_version>2.2</required_version>
@@ -1233,7 +1234,7 @@
<name>gwled</name>
<descr>Allows you to use LEDs for monitoring gateway status on supported platforms (ALIX, WRAP, Soekris, etc.)</descr>
<category>System</category>
- <version>0.2.2</version>
+ <version>0.2.3</version>
<status>Beta</status>
<maintainer>jimp@pfsense.org</maintainer>
<port_category>sysutils</port_category>
@@ -1246,7 +1247,7 @@
<descr>Dashboard widget for HAVP alerts.</descr>
<category>System</category>
<config_file>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file>
- <version>0.1</version>
+ <version>0.1.1</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>widget-havp.xml</configurationfile>
@@ -1281,7 +1282,7 @@
<descr>The shellcmd utility is used to manage commands on system startup.</descr>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/shellcmd/shellcmd.xml</config_file>
- <version>0.6</version>
+ <version>1.0</version>
<status>Beta</status>
<required_version>2.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -1299,7 +1300,7 @@
</build_pbi>
<build_options>nrpe_SET_FORCE=SSL;nrpe_UNSET_FORCE=ARGS</build_options>
<config_file>https://packages.pfsense.org/packages/config/nrpe2/nrpe2.xml</config_file>
- <version>2.15_5 v2.2_4</version>
+ <version>2.2.5</version>
<status>Beta</status>
<required_version>2.2.1</required_version>
<maintainer>erik@erikkristensen.com</maintainer>
@@ -1321,7 +1322,7 @@
<port>sysutils/muse</port>
</build_pbi>
<config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file>
- <version>0.1.4</version>
+ <version>0.1.5</version>
<status>RC1</status>
<required_version>2.2</required_version>
<maintainer>marcellocoutinho@gmail.com</maintainer>
@@ -1336,7 +1337,7 @@
]]>
</descr>
<category>Enhancements</category>
- <version>1.0.3</version>
+ <version>1.0.5</version>
<status>Beta</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file>
@@ -1364,7 +1365,7 @@
]]>
</descr>
<maintainer>jimp@pfsense.org</maintainer>
- <version>0.6.6</version>
+ <version>0.6.7</version>
<category>Routing</category>
<status>BETA</status>
<depends_on_package_pbi>quagga-0.99.23.1_2-##ARCH##.pbi</depends_on_package_pbi>
@@ -1383,7 +1384,7 @@
<internal_name>System_Patches</internal_name>
<descr>A package to apply and maintain custom system patches.</descr>
<maintainer>jimp@pfsense.org</maintainer>
- <version>1.0.5</version>
+ <version>1.0.6</version>
<category>System</category>
<status>RELEASE</status>
<config_file>https://packages.pfsense.org/packages/config/systempatches/systempatches.xml</config_file>
@@ -1397,7 +1398,7 @@
<descr>Bacula is a set of Open Source computer programs that permit managings backups, recovery, and verification of computer data across a network of computers of different kinds.</descr>
<website>http://www.bacula.org/</website>
<category>Services</category>
- <version>1.0.8</version>
+ <version>1.0.12</version>
<status>Stable</status>
<required_version>2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file>
@@ -1477,7 +1478,7 @@
<build_pbi>
<port>security/tinc</port>
</build_pbi>
- <version>1.0.24 v1.2.1</version>
+ <version>1.2.3</version>
<status>ALPHA</status>
<pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink>
<required_version>2.2</required_version>
@@ -1495,7 +1496,7 @@
<website>http://www.balabit.com/network-security/syslog-ng/</website>
<descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr>
<category>Services</category>
- <version>1.0.8</version>
+ <version>1.1</version>
<status>ALPHA</status>
<required_version>2.2</required_version>
<depends_on_package_pbi>syslog-ng-3.6.2_3-##ARCH##.pbi</depends_on_package_pbi>
@@ -1523,7 +1524,7 @@
<website>http://www.zabbix.com/product.php</website>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/zabbix-agent-lts/zabbix-agent-lts.xml</config_file>
- <version>0.8.5</version>
+ <version>0.8.7</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>zabbix-agent-lts.xml</configurationfile>
@@ -1550,7 +1551,7 @@
<website>http://www.zabbix.com/product.php</website>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/zabbix-proxy-lts/zabbix-proxy-lts.xml</config_file>
- <version>0.8.5</version>
+ <version>0.8.7</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>zabbix-proxy-lts.xml</configurationfile>
@@ -1639,7 +1640,7 @@
<internal_name>Service_Watchdog</internal_name>
<descr>Monitors for stopped services and restarts them.</descr>
<maintainer>jimp@pfsense.org</maintainer>
- <version>1.7</version>
+ <version>1.7.1</version>
<category>Services</category>
<status>Release</status>
<config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file>
@@ -1653,7 +1654,7 @@
<category>Network Management</category>
<config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file>
<depends_on_package_pbi>softflowd-0.9.8_2-##ARCH##.pbi</depends_on_package_pbi>
- <version>1.2</version>
+ <version>1.2.1</version>
<status>Beta</status>
<required_version>2.2</required_version>
<configurationfile>softflowd.xml</configurationfile>
@@ -1669,7 +1670,7 @@
<website>http://www.apcupsd.com/</website>
<category>Services</category>
<config_file>https://packages.pfsense.org/packages/config/apcupsd/apcupsd.xml</config_file>
- <version>0.3.7</version>
+ <version>0.3.8</version>
<status>BETA</status>
<required_version>2.2</required_version>
<configurationfile>apcupsd.xml</configurationfile>
@@ -1724,7 +1725,7 @@
<descr>Basic FTP Client Proxy using ftp-proxy from FreeBSD.</descr>
<pkginfolink>https://forum.pfsense.org/index.php?topic=89841.0</pkginfolink>
<maintainer>jimp@pfsense.org</maintainer>
- <version>0.2.1</version>
+ <version>0.2.2</version>
<category>Services</category>
<status>Beta</status>
<port_category>ftp</port_category>
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index ce02021b..fa8ab622 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -53,7 +53,7 @@
<descr><![CDATA[The most widely used name server software]]></descr>
<website>http://www.isc.org/downloads/BIND/</website>
<category>Services</category>
- <version>9.9.5P1_5 pkg v 0.3.9</version>
+ <version>9.9.5P1_5 pkg v0.4.1</version>
<status>RC</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file>
@@ -74,7 +74,7 @@
<category>File Management</category>
<pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file>
- <version>0.60.1</version>
+ <version>0.60.5</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>bscholer@cshl.edu</maintainer>
@@ -100,7 +100,7 @@
<category>Diagnostics</category>
<pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file>
- <version>0.1.4</version>
+ <version>0.2.2</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org</maintainer>
@@ -166,7 +166,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.3 pkg v 0.27</version>
+ <version>1.5.3 pkg v 0.31</version>
<status>Release</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy1_5/haproxy.xml</config_file>
@@ -190,7 +190,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.3 pkg v 0.27</version>
+ <version>1.5.3 pkg v 0.31</version>
<status>Release</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file>
@@ -261,7 +261,7 @@
<website>http://www.modsecurity.org/</website>
<descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr>
<category>Network Management</category>
- <version>0.1.6</version>
+ <version>0.1.8</version>
<status>ALPHA</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file>
@@ -316,7 +316,7 @@
</build_pbi>
<depends_on_package>avahi-app-0.6.29_1.tbz</depends_on_package>
<depends_on_package_pbi>avahi-0.6.31-i386.pbi</depends_on_package_pbi>
- <version>0.6.31 pkg v1.08</version>
+ <version>0.6.31 pkg v1.10.3</version>
<status>ALPHA</status>
<required_version>1.2.3</required_version>
<config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file>
@@ -368,8 +368,8 @@
<ports_before>databases/redis databases/gdbm net/GeoIP x11-fonts/font-util x11-fonts/webfonts graphics/graphviz</ports_before>
<port>net/ntopng</port>
</build_pbi>
- <version>1.1 v0.6</version>
- <status>ALPHA</status>
+ <version>1.1 v0.8.1</version>
+ <status>BETA</status>
<required_version>2.1.4</required_version>
<config_file>https://packages.pfsense.org/packages/config/ntopng/ntopng.xml</config_file>
<configurationfile>ntopng.xml</configurationfile>
@@ -424,7 +424,7 @@
<pkginfolink></pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.7</version>
+ <version>0.2.1</version>
<status>Beta</status>
<required_version>1.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -438,7 +438,7 @@
<pkginfolink></pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <version>0.3.2</version>
<status>Beta</status>
<required_version>1.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -459,26 +459,6 @@
<configurationfile>vhosts.xml</configurationfile>
</package>
<package>
- <name>snort</name>
- <pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink>
- <website>http://www.snort.org</website>
- <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
- <category>Security</category>
- <depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
- <depends_on_package_pbi>snort-2.9.7.2-i386.pbi</depends_on_package_pbi>
- <build_pbi>
- <port>security/snort</port>
- <ports_after>security/barnyard2</ports_after>
- </build_pbi>
- <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET=PULLEDPORK FILEINSPECT HA;perl_SET=THREADS</build_options>
- <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file>
- <version>2.9.7.2 pkg v3.2.4</version>
- <required_version>2.1</required_version>
- <status>Stable</status>
- <configurationfile>/snort.xml</configurationfile>
- <after_install_info>Please visit the Snort settings tab first and select your desired rules. Afterwards visit the update rules tab to download your configured rules.</after_install_info>
- </package>
- <package>
<name>olsrd</name>
<website>http://www.olsr.org/</website>
<descr>The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol. OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding.</descr>
@@ -536,7 +516,7 @@
<depends_on_package>postfix-2.10.2,1.tbz</depends_on_package>
<depends_on_package>perl5-5.16.3_4.tbz</depends_on_package>
<depends_on_package_pbi>postfix-2.10.2-i386.pbi</depends_on_package_pbi>
- <version>2.10.2 pkg v.2.3.9</version>
+ <version>2.10.2 pkg v.2.4.4</version>
<status>Release</status>
<required_version>2.1</required_version>
<configurationfile>postfix.xml</configurationfile>
@@ -675,7 +655,7 @@
<depends_on_package>sarg-2.3.6_2.tbz</depends_on_package>
<depends_on_package>gd-2.0.35_8,1.tbz</depends_on_package>
<depends_on_package_pbi>sarg-2.3.6_2-i386.pbi</depends_on_package_pbi>
- <version>2.3.6_2 pkg v.0.6.3</version>
+ <version>2.3.6_2 pkg v.0.6.6</version>
<status>Release</status>
<required_version>2.0</required_version>
<configurationfile>sarg.xml</configurationfile>
@@ -696,7 +676,7 @@
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
<depends_on_package>ipguard-1.04.tbz</depends_on_package>
<depends_on_package_pbi>ipguard-1.04-i386.pbi</depends_on_package_pbi>
- <version>1.0.4 pkg v.0.1</version>
+ <version>1.0.4 pkg v.0.1.2</version>
<status>beta</status>
<required_version>2.0</required_version>
<configurationfile>ipguard.xml</configurationfile>
@@ -864,7 +844,7 @@
<descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr>
<website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website>
<category>Services</category>
- <version>2.09.1 v1.1</version>
+ <version>2.09.1 v1.2.1</version>
<status>Stable</status>
<required_version>1.0.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file>
@@ -916,7 +896,7 @@
<descr>Network UPS Tools</descr>
<website>http://www.networkupstools.org/</website>
<category>Network Management</category>
- <version>2.6.5_1 pkg 2.0.4</version>
+ <version>2.6.5_1 pkg 2.1.0</version>
<status>BETA</status>
<required_version>2.0</required_version>
<maintainer>rswagoner@gmail.com</maintainer>
@@ -933,7 +913,7 @@
<descr>Paul Taylors version of Diagnostics States which utilizes pftop.</descr>
<website>http://www.addressplus.net</website>
<category>Network Management</category>
- <version>0.2</version>
+ <version>0.3.1</version>
<maintainer>ptaylor@addressplus.net</maintainer>
<required_version>1.2.1</required_version>
<status>BETA</status>
@@ -948,7 +928,7 @@
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
<depends_on_package>darkstat-3.0.714.tbz</depends_on_package>
<depends_on_package_pbi>darkstat-3.0.715-i386.pbi</depends_on_package_pbi>
- <version>3.0.714</version>
+ <version>3.1.1</version>
<status>Stable</status>
<required_version>1.2.1</required_version>
<maintainer>sullrich+pfsp@gmail.com</maintainer>
@@ -1041,7 +1021,7 @@
<website>http://bandwidthd.sourceforge.net/</website>
<descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr>
<category>System</category>
- <version>2.0.1_5 pkg v.0.5</version>
+ <version>2.0.1_5 pkg v0.6.3</version>
<status>BETA</status>
<required_version>1.2.1</required_version>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
@@ -1130,7 +1110,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9 pkg v.4.3.4</version>
+ <version>2.7.9 pkg v.4.3.10</version>
<status>Stable</status>
<required_version>2</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1160,7 +1140,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.1.20 pkg 2.1.2</version>
+ <version>3.1.20 pkg 2.1.3</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1187,7 +1167,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.3.10 pkg 2.2.8</version>
+ <version>3.3.10 pkg 2.3.0</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1232,7 +1212,7 @@
<descr>LCD display driver - Development version</descr>
<website>http://www.lcdproc.org/</website>
<category>Utility</category>
- <version>lcdproc-0.5.6 pkg v. 0.9.11</version>
+ <version>lcdproc-0.5.6 pkg v. 0.9.14</version>
<status>BETA</status>
<required_version>2.0</required_version>
<maintainer>michele@nt2.it</maintainer>
@@ -1255,7 +1235,7 @@
<depends_on_package>arpwatch-2.1.a15_6.tbz</depends_on_package>
<depends_on_package_pbi>arpwatch-2.1.a15_6-i386.pbi</depends_on_package_pbi>
<build_port_path>/usr/ports/net-mgmt/arpwatch</build_port_path>
- <version>2.1.a15_6 pkg v1.1.2</version>
+ <version>2.1.a15_6 pkg v1.1.3</version>
<status>ALPHA</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/arpwatch/arpwatch.xml</config_file>
@@ -1397,19 +1377,20 @@
<depends_on_package_pbi>havp-0.91_1-i386.pbi</depends_on_package_pbi>
<build_port_path>/usr/ports/www/havp</build_port_path>
<build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options>
- <version>0.91_1 pkg v1.05</version>
+ <version>0.91_1 pkg v1.10.0</version>
<status>BETA</status>
<required_version>1.2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file>
<configurationfile>havp.xml</configurationfile>
<maintainer>dv_serg@mail.ru</maintainer>
<after_install_info>Please check the HAVP settings.</after_install_info>
+ <noembedded>true</noembedded>
</package>
<package>
<name>blinkled</name>
<descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
- <version>0.4.3</version>
+ <version>0.4.6</version>
<status>Beta</status>
<maintainer>jimp@pfsense.org</maintainer>
<required_version>1.2.3</required_version>
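Review bot: The `<noembedded>true</noembedded>` line added to the havp entry has no stated reason, so a later maintainer cannot tell whether the restriction is deliberate or safe to lift. As far as I know this flag keeps the package from being offered on embedded installs, and because HAVP is the antivirus proxy, that changes which systems can deploy it. Please record the reason next to the flag, for example `<!-- noembedded: REASON (placeholder, to be filled in by the maintainer) -->`, or in the commit message if the manifest consumer does not tolerate XML comments. The same line is added to the havp entry in pkg_config.8.xml.amd64 (hunk `@@ -1384,19 +1364,20 @@`). The havp `<package>` element starts before this hunk.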
@@ -1429,7 +1410,7 @@
<name>gwled</name>
<descr>Allows you to use LEDs for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
- <version>0.2.1</version>
+ <version>0.2.3</version>
<status>Beta</status>
<maintainer>jimp@pfsense.org</maintainer>
<required_version>2.0</required_version>
@@ -1552,7 +1533,7 @@
</build_pbi>
<build_options></build_options>
<config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file>
- <version>v0.1.2</version>
+ <version>v0.1.5</version>
<status>RC1</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com</maintainer>
@@ -1563,7 +1544,7 @@
<descr><![CDATA[Allows to define SSH overrides for users,groups,hosts and addresses using Match in a convenient way.<br />
This package acts as an access list frontend for ssh connections]]></descr>
<category>Enhancements</category>
- <version>1.0.1</version>
+ <version>1.0.5</version>
<status>Beta</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file>
@@ -1614,7 +1595,7 @@
<descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr>
<website>http://www.bacula.org/</website>
<category>Services</category>
- <version>5.2.12_3 pkg v 1.0.7</version>
+ <version>5.2.12_3 pkg v 1.0.12</version>
<status>Stable</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file>
@@ -1807,7 +1788,7 @@
<name>Service Watchdog</name>
<descr>Monitors for stopped services and restarts them.</descr>
<maintainer>jimp@pfsense.org</maintainer>
- <version>1.6</version>
+ <version>1.7.1</version>
<category>Services</category>
<status>Release</status>
<config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file>
@@ -1823,7 +1804,7 @@
<config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file>
<depends_on_package_base_url>https://files.pfsense.org/packages/8/All/</depends_on_package_base_url>
<depends_on_package_pbi>softflowd-0.9.8_2-i386.pbi</depends_on_package_pbi>
- <version>0.9.8 pkg v1.1</version>
+ <version>0.9.8 pkg v1.2.1</version>
<status>Beta</status>
<required_version>2.1</required_version>
<configurationfile>softflowd.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index 9751fe3e..a2341c51 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -53,7 +53,7 @@
<descr><![CDATA[The most widely used name server software]]></descr>
<website>http://www.isc.org/downloads/BIND/</website>
<category>Services</category>
- <version>9.9.5P1_5 pkg v 0.3.9</version>
+ <version>9.9.5P1_5 pkg v0.4.1</version>
<status>RC</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/bind/bind.xml</config_file>
@@ -74,7 +74,7 @@
<category>File Management</category>
<pkginfolink>https://doc.pfsense.org/index.php/Filer_package</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/filer/filer.xml</config_file>
- <version>0.60.1</version>
+ <version>0.60.5</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>bscholer@cshl.edu</maintainer>
@@ -87,7 +87,7 @@
<category>Diagnostics</category>
<pkginfolink>https://forum.pfsense.org/index.php/topic,26974.0.html</pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/filemgr/filemgr.xml</config_file>
- <version>0.1.4</version>
+ <version>0.2.2</version>
<status>Beta</status>
<required_version>2.0</required_version>
<maintainer>tom@tomschaefer.org</maintainer>
@@ -153,7 +153,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.3 pkg v 0.27</version>
+ <version>1.5.3 pkg v 0.31</version>
<status>Release</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy1_5/haproxy.xml</config_file>
@@ -177,7 +177,7 @@
Supports ACLs for smart backend switching.]]></descr>
<website>http://haproxy.1wt.eu/</website>
<category>Services</category>
- <version>1.5.3 pkg v 0.27</version>
+ <version>1.5.3 pkg v 0.31</version>
<status>Release</status>
<required_version>2.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file>
@@ -248,7 +248,7 @@
<website>http://www.modsecurity.org/</website>
<descr>ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.</descr>
<category>Network Management</category>
- <version>0.1.6</version>
+ <version>0.1.8</version>
<status>ALPHA</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/apache_mod_security/apache_mod_security.xml</config_file>
@@ -303,7 +303,7 @@
</build_pbi>
<depends_on_package>avahi-0.6.29.tbz</depends_on_package>
<depends_on_package_pbi>avahi-0.6.31-amd64.pbi</depends_on_package_pbi>
- <version>0.6.31 pkg v1.08</version>
+ <version>0.6.31 pkg v1.10.3</version>
<status>ALPHA</status>
<required_version>1.2.3</required_version>
<config_file>https://packages.pfsense.org/packages/config/avahi/avahi.xml</config_file>
@@ -355,8 +355,8 @@
<ports_before>databases/redis databases/gdbm net/GeoIP x11-fonts/font-util x11-fonts/webfonts graphics/graphviz</ports_before>
<port>net/ntopng</port>
</build_pbi>
- <version>1.1 v0.6</version>
- <status>ALPHA</status>
+ <version>1.1 v0.8.1</version>
+ <status>BETA</status>
<required_version>2.1.4</required_version>
<config_file>https://packages.pfsense.org/packages/config/ntopng/ntopng.xml</config_file>
<configurationfile>ntopng.xml</configurationfile>
@@ -411,7 +411,7 @@
<pkginfolink></pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/backup/backup.xml</config_file>
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>0.1.7</version>
+ <version>0.2.1</version>
<status>Beta</status>
<required_version>1.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -425,7 +425,7 @@
<pkginfolink></pkginfolink>
<config_file>https://packages.pfsense.org/packages/config/cron/cron.xml</config_file>
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <version>0.1.9</version>
+ <version>0.3.2</version>
<status>Beta</status>
<required_version>1.2</required_version>
<maintainer>markjcrane@gmail.com</maintainer>
@@ -446,26 +446,6 @@
<configurationfile>vhosts.xml</configurationfile>
</package>
<package>
- <name>snort</name>
- <pkginfolink>https://doc.pfsense.org/index.php/Setup_Snort_Package</pkginfolink>
- <website>http://www.snort.org</website>
- <descr>Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.</descr>
- <category>Security</category>
- <depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
- <depends_on_package_pbi>snort-2.9.7.2-amd64.pbi</depends_on_package_pbi>
- <build_pbi>
- <port>security/snort</port>
- <ports_after>security/barnyard2</ports_after>
- </build_pbi>
- <build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL PORT_PCAP BRO;snort_SET=PERFPROFILE SOURCEFIRE GRE IPV6 NORMALIZER APPID;snort_UNSET=PULLEDPORK FILEINSPECT HA;perl_SET=THREADS</build_options>
- <config_file>https://packages.pfsense.org/packages/config/snort/snort.xml</config_file>
- <version>2.9.7.2 pkg v3.2.4</version>
- <required_version>2.1</required_version>
- <status>Stable</status>
- <configurationfile>/snort.xml</configurationfile>
- <after_install_info>Please visit the Snort settings tab first and select your desired rules. Afterwards visit the update rules tab to download your configured rules.</after_install_info>
- </package>
- <package>
<name>olsrd</name>
<website>http://www.olsr.org/</website>
<descr>The olsr.org OLSR daemon is an implementation of the Optimized Link State Routing protocol. OLSR is a routing protocol for mobile ad-hoc networks. The protocol is pro-active, table driven and utilizes a technique called multipoint relaying for message flooding.</descr>
@@ -523,7 +503,7 @@
<depends_on_package>postfix-2.10.2,1.tbz</depends_on_package>
<depends_on_package>perl5-5.16.3_4.tbz</depends_on_package>
<depends_on_package_pbi>postfix-2.10.2-amd64.pbi</depends_on_package_pbi>
- <version>2.10.2 pkg v.2.3.9</version>
+ <version>2.10.2 pkg v.2.4.4</version>
<status>Release</status>
<required_version>2.1</required_version>
<configurationfile>postfix.xml</configurationfile>
@@ -662,7 +642,7 @@
<depends_on_package>sarg-2.3.6_2.tbz</depends_on_package>
<depends_on_package>gd-2.0.35_8,1.tbz</depends_on_package>
<depends_on_package_pbi>sarg-2.3.6_2-amd64.pbi</depends_on_package_pbi>
- <version>2.3.6_2 pkg v.0.6.3</version>
+ <version>2.3.6_2 pkg v.0.6.6</version>
<status>Release</status>
<required_version>2.0</required_version>
<configurationfile>sarg.xml</configurationfile>
@@ -683,7 +663,7 @@
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
<depends_on_package>ipguard-1.04.tbz</depends_on_package>
<depends_on_package_pbi>ipguard-1.04-amd64.pbi</depends_on_package_pbi>
- <version>1.0.4 pkg v.0.1</version>
+ <version>1.0.4 pkg v.0.1.2</version>
<status>beta</status>
<required_version>2.0</required_version>
<configurationfile>ipguard.xml</configurationfile>
@@ -851,7 +831,7 @@
<descr>Broadcasts a who-has ARP packet on the network and prints answers. </descr>
<website>http://www.habets.pp.se/synscan/programs.php?prog=arping</website>
<category>Services</category>
- <version>2.09.1 v1.1</version>
+ <version>2.09.1 v1.2.1</version>
<status>Stable</status>
<required_version>1.0.1</required_version>
<config_file>https://packages.pfsense.org/packages/config/arping/arping.xml</config_file>
@@ -903,7 +883,7 @@
<descr>Network UPS Tools</descr>
<website>http://www.networkupstools.org/</website>
<category>Network Management</category>
- <version>2.6.5_1 pkg 2.0.4</version>
+ <version>2.6.5_1 pkg 2.1.0</version>
<status>BETA</status>
<required_version>2.0</required_version>
<maintainer>rswagoner@gmail.com</maintainer>
@@ -920,7 +900,7 @@
<descr>Paul Taylors version of Diagnostics States which utilizes pftop.</descr>
<website>http://www.addressplus.net</website>
<category>Network Management</category>
- <version>0.2</version>
+ <version>0.3.1</version>
<maintainer>ptaylor@addressplus.net</maintainer>
<required_version>1.2.1</required_version>
<status>BETA</status>
@@ -935,7 +915,7 @@
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
<depends_on_package>darkstat-3.0.714.tbz</depends_on_package>
<depends_on_package_pbi>darkstat-3.0.715-amd64.pbi</depends_on_package_pbi>
- <version>3.0.714</version>
+ <version>3.1.1</version>
<status>Stable</status>
<required_version>1.2.1</required_version>
<maintainer>sullrich+pfsp@gmail.com</maintainer>
@@ -1028,7 +1008,7 @@
<website>http://bandwidthd.sourceforge.net/</website>
<descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr>
<category>System</category>
- <version>2.0.1_5 pkg v.0.5</version>
+ <version>2.0.1_5 pkg v0.6.3</version>
<status>BETA</status>
<required_version>1.2.1</required_version>
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
@@ -1117,7 +1097,7 @@
<descr>High performance web proxy cache.</descr>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>2.7.9 pkg v.4.3.4</version>
+ <version>2.7.9 pkg v.4.3.10</version>
<status>Stable</status>
<required_version>2</required_version>
<maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1147,7 +1127,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.1.20 pkg 2.1.2</version>
+ <version>3.1.20 pkg 2.1.3</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1174,7 +1154,7 @@
<pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink>
<website>http://www.squid-cache.org/</website>
<category>Network</category>
- <version>3.3.10 pkg 2.2.8</version>
+ <version>3.3.10 pkg 2.3.0</version>
<status>beta</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer>
@@ -1219,7 +1199,7 @@
<descr>LCD display driver - Development version</descr>
<website>http://www.lcdproc.org/</website>
<category>Utility</category>
- <version>lcdproc-0.5.6 pkg v. 0.9.11</version>
+ <version>lcdproc-0.5.6 pkg v. 0.9.14</version>
<status>BETA</status>
<required_version>2.0</required_version>
<maintainer>michele@nt2.it</maintainer>
@@ -1242,7 +1222,7 @@
<depends_on_package>arpwatch-2.1.a15_6.tbz</depends_on_package>
<depends_on_package_pbi>arpwatch-2.1.a15_6-amd64.pbi</depends_on_package_pbi>
<build_port_path>/usr/ports/net-mgmt/arpwatch</build_port_path>
- <version>2.1.a15_6 pkg v1.1.2</version>
+ <version>2.1.a15_6 pkg v1.1.3</version>
<status>ALPHA</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/arpwatch/arpwatch.xml</config_file>
@@ -1384,19 +1364,20 @@
<depends_on_package_pbi>havp-0.91_1-amd64.pbi</depends_on_package_pbi>
<build_port_path>/usr/ports/www/havp</build_port_path>
<build_options>CLAMAVUSER=havp;CLAMAVGROUP=havp</build_options>
- <version>0.91_1 pkg v1.05</version>
+ <version>0.91_1 pkg v1.10.0</version>
<status>BETA</status>
<required_version>1.2.2</required_version>
<config_file>https://packages.pfsense.org/packages/config/havp/havp.xml</config_file>
<configurationfile>havp.xml</configurationfile>
<maintainer>dv_serg@mail.ru</maintainer>
<after_install_info>Please check the HAVP settings.</after_install_info>
+ <noembedded>true</noembedded>
</package>
<package>
<name>blinkled</name>
<descr>Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
- <version>0.4.3</version>
+ <version>0.4.6</version>
<status>Beta</status>
<maintainer>jimp@pfsense.org</maintainer>
<required_version>1.2.3</required_version>
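Review bot: The `<noembedded>true</noembedded>` line added at the end of the havp entry has no explanation next to it, so a later maintainer cannot tell whether the restriction is still needed or safe to lift. Presumably it keeps the package off embedded installs because of the scanner's disk and write requirements, but the hunk does not say so. I would put a short XML comment directly above it, for example `<!-- noembedded: not offered on embedded installs; reason: REASON_PLACEHOLDER -->`, filled in with the actual reason. The havp `<package>` element opens before this hunk, so the rest of the entry was not reviewed here.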
@@ -1416,7 +1397,7 @@
<name>gwled</name>
<descr>Allows you to use LEDs for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)</descr>
<category>System</category>
- <version>0.2.1</version>
+ <version>0.2.3</version>
<status>Beta</status>
<maintainer>jimp@pfsense.org</maintainer>
<required_version>2.0</required_version>
@@ -1539,7 +1520,7 @@
</build_pbi>
<build_options></build_options>
<config_file>https://packages.pfsense.org/packages/config/checkmk-agent/checkmk.xml</config_file>
- <version>v0.1.2</version>
+ <version>v0.1.5</version>
<status>RC1</status>
<required_version>2.0</required_version>
<maintainer>marcellocoutinho@gmail.com</maintainer>
@@ -1550,7 +1531,7 @@
<descr><![CDATA[Allows to define SSH overrides for users,groups,hosts and addresses using Match in a convenient way.<br />
This package acts as an access list frontend for ssh connections]]></descr>
<category>Enhancements</category>
- <version>1.0.1</version>
+ <version>1.0.5</version>
<status>Beta</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/sshdcond/sshdcond.xml</config_file>
@@ -1601,7 +1582,7 @@
<descr><![CDATA[Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.]]></descr>
<website>http://www.bacula.org/</website>
<category>Services</category>
- <version>5.2.12_3 pkg v 1.0.7</version>
+ <version>5.2.12_3 pkg v 1.0.12</version>
<status>Stable</status>
<required_version>2.0</required_version>
<config_file>https://packages.pfsense.org/packages/config/bacula-client/bacula-client.xml</config_file>
@@ -1794,7 +1775,7 @@
<name>Service Watchdog</name>
<descr>Monitors for stopped services and restarts them.</descr>
<maintainer>jimp@pfsense.org</maintainer>
- <version>1.6</version>
+ <version>1.7.1</version>
<category>Services</category>
<status>Release</status>
<config_file>https://packages.pfsense.org/packages/config/servicewatchdog/servicewatchdog.xml</config_file>
@@ -1810,7 +1791,7 @@
<config_file>https://packages.pfsense.org/packages/config/softflowd/softflowd.xml</config_file>
<depends_on_package_base_url>https://files.pfsense.org/packages/amd64/8/All/</depends_on_package_base_url>
<depends_on_package_pbi>softflowd-0.9.8_2-amd64.pbi</depends_on_package_pbi>
- <version>0.9.8 pkg v1.1</version>
+ <version>0.9.8 pkg v1.2.1</version>
<status>Beta</status>
<required_version>2.1</required_version>
<configurationfile>softflowd.xml</configurationfile>