diff options
50 files changed, 2739 insertions, 3053 deletions
diff --git a/config/bandwidthd/bandwidthd.inc b/config/bandwidthd/bandwidthd.inc index 0029a05d..d7973433 100644 --- a/config/bandwidthd/bandwidthd.inc +++ b/config/bandwidthd/bandwidthd.inc @@ -78,6 +78,17 @@ function bandwidthd_install_config() { $subnets .= "subnet " . gen_subnet(get_interface_ip($iface),get_interface_subnet($iface)) . "/" . get_interface_subnet($iface) . "\n"; } } + + /* Configure extra stats subnet(s) */ + $subnets_extra = explode(';', str_replace(' ', '', $bandwidthd_config['subnets_extra'])); + if (is_array($subnets_extra)) { + foreach ($subnets_extra as $sn) { + if (!empty($sn) && is_subnetv4($sn)) { + $subnets .= "subnet {$sn}\n"; + } + } + } + $promiscuous_val = ($bandwidthd_config['promiscuous'] != "" ? "promiscuous true" : "promiscuous false"); $sensor_id_string_val = ($bandwidthd_config['sensorid'] != "" ? "sensor_id \"{$bandwidthd_config['sensorid']}\"" : ""); @@ -102,7 +113,7 @@ function bandwidthd_install_config() { /* Advanced Filter */ if ($bandwidthd_config['advfilter']) { - $filter_text_val = "filter " . escapeshellarg(base64_decode($bandwidthd_config['advfilter'])); + $filter_text_val = 'filter "' . base64_decode($bandwidthd_config['advfilter']) . '"'; } else { $filter_text_val = ""; } @@ -279,7 +290,7 @@ EOD; } /* Cron job for graphs */ - if (($bandwidthd_config['enable']) && ($output_cdf)) { + if (($bandwidthd_config['enable']) && ($bandwidthd_config['outputcdf'])) { // Use cron job to rotate logs every day at 00:01 install_cron_job("/bin/kill -HUP `cat /var/run/bandwidthd.pid`", true, "1", "0"); } else { @@ -376,6 +387,17 @@ function bandwidthd_validate_input($post, &$input_errors) { } else { $input_errors[] = "You must select at least on interface under 'Subnet(s) for Statistics Collection'."; } + // Extra subnets + if ($post['subnets_extra']) { + $subnets_extra = explode(';', str_replace(' ', '', $post['subnets_extra'])); + if (is_array($subnets_extra)) { + foreach ($subnets_extra as $sn) { + if (!is_subnetv4($sn)) { + $input_errors[] = gettext("'Extra Subnet(s) for Statistics Collection' may only contain valid IPv4 subnet(s)."); + } + } + } + } // Only support sane characters in Sensor ID if ($post['sensorid']) { if ((!is_hostname($post['sensorid'])) && !preg_match("/^[a-zA-Z0-9\-\=\(\):. ]*$/", $post['sensorid'])) { diff --git a/config/bandwidthd/bandwidthd.xml b/config/bandwidthd/bandwidthd.xml index 1668f748..c7d6044d 100644 --- a/config/bandwidthd/bandwidthd.xml +++ b/config/bandwidthd/bandwidthd.xml @@ -46,7 +46,7 @@ <name>bandwidthd</name> <version>0.6</version> <title>Diagnostics: Bandwidthd</title> - <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml&id=0</aftersaveredirect> + <aftersaveredirect>/pkg_edit.php?xml=bandwidthd.xml</aftersaveredirect> <include_file>/usr/local/pkg/bandwidthd.inc</include_file> <menu> <name>BandwidthD</name> @@ -58,7 +58,7 @@ <name>BandwidthD Settings</name> <tooltiptext></tooltiptext> <section>Diagnostics</section> - <url>/pkg_edit.php?xml=bandwidthd.xml&id=0</url> + <url>/pkg_edit.php?xml=bandwidthd.xml</url> </menu> <service> <name>bandwidthd</name> @@ -119,6 +119,20 @@ <required/> </field> <field> + <fielddescr>Extra Subnet(s) for Statistics Collection</fielddescr> + <fieldname>subnets_extra</fieldname> + <description> + <![CDATA[ + Specify additional IPv4 subnet(s) in CIDR notation for statistics collection (or leave empty if none). + For multiple subnets, separate entries with ';'<br /> + (Example: 192.168.1.0/24;10.0.0.0/24)<br /> + <strong>Note: Do NOT specify any local subnets already selected in 'Subnet(s) for Statistics Collection' above!</strong> + ]]> + </description> + <type>input</type> + <size>50</size> + </field> + <field> <fielddescr>Promiscuous</fielddescr> <fieldname>promiscuous</fieldname> <description> @@ -155,6 +169,7 @@ </description> <type>checkbox</type> <default_value>on</default_value> + <enablefields>meta_refresh,skipintervals,graphcutoff</enablefields> </field> <field> <fielddescr>Meta Refresh</fielddescr> @@ -194,6 +209,7 @@ <fieldname>outputcdf</fieldname> <description>Log data to CDF files log*.cdf</description> <type>checkbox</type> + <enablefields>recovercdf</enablefields> </field> <field> <fielddescr>Recover CDF</fielddescr> @@ -279,7 +295,7 @@ <type>textarea</type> <encoding>base64</encoding> <cols>65</cols> - <rows>1</rows> + <rows>5</rows> <advancedfield/> </field> </fields> diff --git a/config/haproxy-devel/pkg/haproxy.inc b/config/haproxy-devel/pkg/haproxy.inc index e9bdbf47..13477677 100644 --- a/config/haproxy-devel/pkg/haproxy.inc +++ b/config/haproxy-devel/pkg/haproxy.inc @@ -367,10 +367,10 @@ function haproxy_custom_php_deinstall_command() { update_output_window($static_output); unlink_if_exists("/usr/local/etc/rc.d/haproxy.sh"); unlink_if_exists("/etc/rc.haproxy_ocsp.sh"); - $static_output .= "HAProxy, installing cron job if needed\n"; + $static_output .= "HAProxy, uninstalling cron job if needed\n"; update_output_window($static_output); - haproxy_install_cron(false); - haproxy_install_cronjob(false, '/etc/rc.haproxy_ocsp.sh'); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false); + install_cron_job("/etc/rc.haproxy_ocsp.sh", false); $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n"; update_output_window($static_output); } @@ -492,96 +492,6 @@ EOD; update_output_window($static_output); } -function haproxy_install_cronjob($should_install, $script, $interval = 60, $parameters = "") { - global $config, $g; - if($g['booting']==true) - return; - $is_installed = false; - if(!$config['cron']['item']) - return; - $x=0; - foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], $script)) { - $is_installed = true; - break; - } - $x++; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/{$interval}"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "$script $parameters"; - $config['cron']['item'][] = $cron_item; - parse_config(true); - write_config("haproxy, install cron job"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config("haproxy, remove cron job"); - } - configure_cron(); - } - break; - } -} - -function haproxy_install_cron($should_install) { - global $config, $g; - if($g['booting']==true) - return; - $is_installed = false; - if(!$config['cron']['item']) - return; - $x=0; - foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) { - $is_installed = true; - break; - } - $x++; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/2"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh onecheck"; - $config['cron']['item'][] = $cron_item; - parse_config(true); - write_config("haproxy, install cron CARP job"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config("haproxy, remove cron CARP job"); - } - configure_cron(); - } - break; - } -} - function haproxy_find_backend($backendname) { global $config; $a_backends = &$config['installedpackages']['haproxy']['ha_pools']['item']; @@ -1794,12 +1704,16 @@ function haproxy_check_run($reload) { haproxy_updateocsp(false); if (isset($a_global['carpdev'])) - haproxy_install_cron(true); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", true, "*/2"); else - haproxy_install_cron(false); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false); $useocsp = haproxy_uses_ocsp(); - haproxy_install_cronjob($useocsp, '/etc/rc.haproxy_ocsp.sh', 120); + if ($useocsp == "true") { + install_cron_job("/etc/rc.haproxy_ocsp.sh", true, "*/120"); + } else { + install_cron_job("/etc/rc.haproxy_ocsp.sh", false); + } } if(isset($a_global['enable'])) { diff --git a/config/haproxy1_5/pkg/haproxy.inc b/config/haproxy1_5/pkg/haproxy.inc index 8ba7e437..f539cff5 100644 --- a/config/haproxy1_5/pkg/haproxy.inc +++ b/config/haproxy1_5/pkg/haproxy.inc @@ -347,10 +347,10 @@ function haproxy_custom_php_deinstall_command() { update_output_window($static_output); unlink_if_exists("/usr/local/etc/rc.d/haproxy.sh"); unlink_if_exists("/etc/rc.haproxy_ocsp.sh"); - $static_output .= "HAProxy, installing cron job if needed\n"; + $static_output .= "HAProxy, uninstalling cron job if needed\n"; update_output_window($static_output); - haproxy_install_cron(false); - haproxy_install_cronjob(false, '/etc/rc.haproxy_ocsp.sh'); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false); + install_cron_job("/etc/rc.haproxy_ocsp.sh", false); $static_output .= "HAProxy, running haproxy_custom_php_deinstall_command() DONE\n"; update_output_window($static_output); } @@ -472,95 +472,6 @@ EOD; update_output_window($static_output); } -function haproxy_install_cronjob($should_install, $script, $interval = 60, $parameters = "") { - global $config, $g; - if($g['booting']==true) - return; - $is_installed = false; - if(!$config['cron']['item']) - return; - $x=0; - foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], $script)) { - $is_installed = true; - break; - } - $x++; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/{$interval}"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "$script $parameters"; - $config['cron']['item'][] = $cron_item; - parse_config(true); - write_config("haproxy, install cron job"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config("haproxy, remove cron job"); - } - configure_cron(); - } - break; - } -} - -function haproxy_install_cron($should_install) { - global $config, $g; - if($g['booting']==true) - return; - $is_installed = false; - if(!$config['cron']['item']) - return; - $x=0; - foreach($config['cron']['item'] as $item) { - if(strstr($item['command'], "/usr/local/etc/rc.d/haproxy.sh")) { - $is_installed = true; - break; - } - $x++; - } - switch($should_install) { - case true: - if(!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/2"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/etc/rc.d/haproxy.sh onecheck"; - $config['cron']['item'][] = $cron_item; - parse_config(true); - write_config("haproxy, install cron CARP job"); - configure_cron(); - } - break; - case false: - if($is_installed == true) { - if($x > 0) { - unset($config['cron']['item'][$x]); - parse_config(true); - write_config("haproxy, remove cron CARP job"); - } - configure_cron(); - } - break; - } -} function haproxy_find_backend($backendname) { global $config; @@ -1729,12 +1640,16 @@ function haproxy_check_run($reload) { haproxy_updateocsp(false); if (isset($a_global['carpdev'])) - haproxy_install_cron(true); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", true, "*/2"); else - haproxy_install_cron(false); + install_cron_job("/usr/local/etc/rc.d/haproxy.sh onecheck", false); $useocsp = haproxy_uses_ocsp(); - haproxy_install_cronjob($useocsp, '/etc/rc.haproxy_ocsp.sh', 120); + if ($useocsp == "true") { + install_cron_job("/etc/rc.haproxy_ocsp.sh", true, "*/120"); + } else { + install_cron_job("/etc/rc.haproxy_ocsp.sh", false); + } } if(isset($a_global['enable'])) { diff --git a/config/openbgpd/openbgpd.inc b/config/openbgpd/openbgpd.inc index 102c937d..93364be9 100644 --- a/config/openbgpd/openbgpd.inc +++ b/config/openbgpd/openbgpd.inc @@ -1,8 +1,9 @@ <?php /* openbgpd.inc + part of pfSense (https://www.pfSense.org/) Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) - part of pfSense + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -32,100 +33,113 @@ require_once("service-utils.inc"); define('PKG_BGPD_CONFIG_BASE', '/var/etc/openbgpd'); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version == "2.1" || $pf_version == "2.2") +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); +if ($pf_version == "2.1" || $pf_version == "2.2") { define('PKG_BGPD_BIN', '/usr/pbi/openbgpd-' . php_uname("m") . '/sbin'); -else +} else { define('PKG_BGPD_BIN','/usr/local/sbin'); +} -define('PKG_BGPD_LOGIN', "_bgpd"); -define('PKG_BGPD_UID', "130"); -define('PKG_BGPD_GROUP', "_bgpd"); -define('PKG_BGPD_GID', "130"); -define('PKG_BGPD_GECOS', "BGP Daemon"); -define('PKG_BGPD_HOMEDIR', "/var/empty"); -define('PKG_BGPD_SHELL', "/usr/sbin/nologin"); +define('PKG_BGPD_LOGIN', "_bgpd"); +define('PKG_BGPD_UID', "130"); +define('PKG_BGPD_GROUP', "_bgpd"); +define('PKG_BGPD_GID', "130"); +define('PKG_BGPD_GECOS', "BGP Daemon"); +define('PKG_BGPD_HOMEDIR', "/var/empty"); +define('PKG_BGPD_SHELL', "/usr/sbin/nologin"); function openbgpd_install_conf() { global $config, $g; - $pkg_login = PKG_BGPD_LOGIN; - $pkg_uid = PKG_BGPD_UID; - $pkg_group = PKG_BGPD_GROUP; - $pkg_gid = PKG_BGPD_GID; - $pkg_gecos = PKG_BGPD_GECOS; - $pkg_homedir = PKG_BGPD_HOMEDIR; - $pkg_shell = PKG_BGPD_SHELL; - $pkg_bin = PKG_BGPD_BIN; + $pkg_login = PKG_BGPD_LOGIN; + $pkg_uid = PKG_BGPD_UID; + $pkg_group = PKG_BGPD_GROUP; + $pkg_gid = PKG_BGPD_GID; + $pkg_gecos = PKG_BGPD_GECOS; + $pkg_homedir = PKG_BGPD_HOMEDIR; + $pkg_shell = PKG_BGPD_SHELL; + $pkg_bin = PKG_BGPD_BIN; conf_mount_rw(); - // Since we need to embed this in a string, copy to a var. Can't embed constnats. + // Since we need to embed this in a string, copy to a var. Can't embed constants. $bgpd_config_base = PKG_BGPD_CONFIG_BASE; if ($config['installedpackages']['openbgpd']['rawconfig'] && $config['installedpackages']['openbgpd']['rawconfig']['item']) { - // if there is a raw config specified in the config.xml use that instead of the assisted config - $conffile = implode("\n",$config['installedpackages']['openbgpd']['rawconfig']['item']); + // If there is a raw config specified in the config.xml, use that instead of the assisted config + $conffile = implode("\n", $config['installedpackages']['openbgpd']['rawconfig']['item']); //$conffile = $config['installedpackages']['openbgpd']['rawconfig']; } else { - // generate bgpd.conf based on the assistant - if($config['installedpackages']['openbgpd']['config']) + // Generate bgpd.conf based on the assistant + if ($config['installedpackages']['openbgpd']['config']) { $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; - if($config['installedpackages']['openbgpd']['config'][0]['row']) + } + if ($config['installedpackages']['openbgpd']['config'][0]['row']) { $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; - if($config['installedpackages']['openbgpdgroups']['config']) + } + if ($config['installedpackages']['openbgpdgroups']['config']) { $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; - if($config['installedpackages']['openbgpdneighbors']['config']) + } + if ($config['installedpackages']['openbgpdneighbors']['config']) { $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; + } - $conffile = "# This file was created by the package manager. Do not edit!\n\n"; + $conffile = "# This file was created by the package manager. Do not edit!\n\n"; // Setup AS # - if($openbgpd_conf['asnum']) + if ($openbgpd_conf['asnum']) { $conffile .= "AS {$openbgpd_conf['asnum']}\n"; + } - if($openbgpd_conf['fibupdate']) + if ($openbgpd_conf['fibupdate']) { $conffile .= "fib-update {$openbgpd_conf['fibupdate']}\n"; + } - // Setup holdtime if defined. Default is 90. - if($openbgpd_conf['holdtime']) + // Setup holdtime if defined. Default is 90. + if ($openbgpd_conf['holdtime']) { $conffile .= "holdtime {$openbgpd_conf['holdtime']}\n"; + } - // Specify listen ip - if(!empty($openbgpd_conf['listenip'])) + // Specify listen IP + if (!empty($openbgpd_conf['listenip'])) { $conffile .= "listen on {$openbgpd_conf['listenip']}\n"; - else + } else { $conffile .= "listen on 0.0.0.0\n"; - + } + // Specify router id - if($openbgpd_conf['routerid']) + if ($openbgpd_conf['routerid']) { $conffile .= "router-id {$openbgpd_conf['routerid']}\n"; + } // Handle advertised networks - if($config['installedpackages']['openbgpd']['config'][0]['row']) - if(is_array($openbgpd_rows)) - foreach($openbgpd_rows as $row) + if ($config['installedpackages']['openbgpd']['config'][0]['row']) { + if (is_array($openbgpd_rows)) { + foreach ($openbgpd_rows as $row) { $conffile .= "network {$row['networks']}\n"; - + } + } + } // Attach neighbors to their respective group owner - if(is_array($openbgpd_groups)) { - foreach($openbgpd_groups as $group) { + if (is_array($openbgpd_groups)) { + foreach ($openbgpd_groups as $group) { $conffile .= "group \"{$group['name']}\" {\n"; $conffile .= " remote-as {$group['remoteas']}\n"; - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == $group['name']) { + if (is_array($openbgpd_neighbors)) { + foreach ($openbgpd_neighbors as $neighbor) { + if ($neighbor['groupname'] == $group['name']) { $conffile .= "\tneighbor {$neighbor['neighbor']} {\n"; $conffile .= "\t\tdescr \"{$neighbor['descr']}\"\n"; - if($neighbor['md5sigpass']) { + if ($neighbor['md5sigpass']) { $conffile .= "\t\ttcp md5sig password {$neighbor['md5sigpass']}\n"; } - if($neighbor['md5sigkey']) { + if ($neighbor['md5sigkey']) { $conffile .= "\t\ttcp md5sig key {$neighbor['md5sigkey']}\n"; } $setlocaladdr = true; if (is_array($neighbor['row'])) { - foreach($neighbor['row'] as $row) { - if ($row['parameters'] == "local-address") + foreach ($neighbor['row'] as $row) { + if ($row['parameters'] == "local-address") { $setlocaladdr = false; + } $conffile .= "\t\t{$row['parameters']} {$row['parmvalue']} \n"; } } @@ -136,7 +150,6 @@ function openbgpd_install_conf() { $conffile .= "\t\tlocal-address 0.0.0.0\n"; } } - $conffile .= "}\n"; } } @@ -146,12 +159,12 @@ function openbgpd_install_conf() { } // Handle neighbors that do not have a group assigned to them - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == "") { + if (is_array($openbgpd_neighbors)) { + foreach ($openbgpd_neighbors as $neighbor) { + if ($neighbor['groupname'] == "") { $conffile .= "neighbor {$neighbor['neighbor']} {\n"; $conffile .= "\tdescr \"{$neighbor['descr']}\"\n"; - if ($neighbor['md5sigpass']) { + if ($neighbor['md5sigpass']) { $conffile .= "\ttcp md5sig password {$neighbor['md5sigpass']}\n"; } if ($neighbor['md5sigkey']) { @@ -159,17 +172,18 @@ function openbgpd_install_conf() { } $setlocaladdr = true; if (is_array($neighbor['row'])) { - foreach($neighbor['row'] as $row) { - if ($row['parameters'] == "local-address") + foreach ($neighbor['row'] as $row) { + if ($row['parameters'] == "local-address") { $setlocaladdr = false; + } $conffile .= "\t{$row['parameters']} {$row['parmvalue']} \n"; } } - if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) + if ($setlocaladdr == true && !empty($openbgpd_conf['listenip'])) { $conffile .= "\tlocal-address {$openbgpd_conf['listenip']}\n"; - else + } else { $conffile .= "\tlocal-address 0.0.0.0\n"; - + } $conffile .= "}\n"; } } @@ -178,8 +192,8 @@ function openbgpd_install_conf() { // OpenBGPD filters $conffile .= "deny from any\n"; $conffile .= "deny to any\n"; - if(is_array($openbgpd_neighbors)) { - foreach($openbgpd_neighbors as $neighbor) { + if (is_array($openbgpd_neighbors)) { + foreach ($openbgpd_neighbors as $neighbor) { $conffile .= "allow from {$neighbor['neighbor']}\n"; $conffile .= "allow to {$neighbor['neighbor']}\n"; } @@ -194,7 +208,7 @@ function openbgpd_install_conf() { $carp_ip_status_check = ""; if (is_ipaddr($openbgpd_conf['carpstatusip'])) { - $pfs_version = substr(trim(file_get_contents("/etc/version")),0,3); + $pfs_version = substr(trim(file_get_contents("/etc/version")), 0, 3); switch ($pfs_version) { case "2.0": case "2.1": @@ -233,22 +247,22 @@ EOF; // Create rc.d file $rc_file_stop = <<<EOF -killall -TERM bgpd +/usr/bin/killall -TERM bgpd EOF; $rc_file_start = <<<EOF -if [ `pw groupshow {$pkg_group} 2>&1 | grep -c "pw: unknown group"` -gt 0 ]; then +if [ `/usr/sbin/pw groupshow {$pkg_group} 2>&1 | /usr/bin/grep -c "pw: unknown group"` -gt 0 ]; then /usr/sbin/pw groupadd {$pkg_group} -g {$pkg_gid} fi -if [ `pw usershow {$pkg_login} 2>&1 | grep -c "pw: no such user"` -gt 0 ]; then +if [ `/usr/sbin/pw usershow {$pkg_login} 2>&1 | /usr/bin/grep -c "pw: no such user"` -gt 0 ]; then /usr/sbin/pw useradd {$pkg_login} -u {$pkg_uid} -g {$pkg_gid} -c "{$pkg_gecos}" -d {$pkg_homedir} -s {$pkg_shell} fi /bin/mkdir -p {$bgpd_config_base} /usr/sbin/chown -R root:wheel {$bgpd_config_base} -/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf +/bin/chmod 0600 {$bgpd_config_base}/bgpd.conf -NUMBGPD=`ps auxw | grep -c '[b]gpd.*parent'` +NUMBGPD=`/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'` if [ \${NUMBGPD} -lt 1 ] ; then {$carp_ip_status_check} {$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf @@ -259,13 +273,13 @@ EOF; write_rcfile(array( "file" => "bgpd.sh", "start" => $rc_file_start, - "stop" => $rc_file_stop + "stop" => $rc_file_stop ) ); unset($rc_file_start, $rc_file_stop); $_gb = exec("/sbin/sysctl net.inet.ip.ipsec_in_use=1"); - // bgpd process running? if so reload, else start. + // Is bgpd process running? If so, reload, else start. // Kick off newly created rc.d script if (is_ipaddr($openbgpd_conf['carpstatusip'])) { @@ -274,7 +288,7 @@ EOF; // Stop the service if the VIP is in BACKUP or INIT state. case "BACKUP": case "INIT": - exec("/usr/local/etc/rc.d/bgpd.sh stop"); + stop_service("bgpd"); break; // Start the service if the VIP is MASTER state. case "MASTER": @@ -291,30 +305,31 @@ EOF; } function openbgpd_restart() { - if(is_openbgpd_running() == true) { + if (is_openbgpd_running() == true) { exec("{$pkg_bin}/bgpctl reload"); } else { exec("{$pkg_bin}/bgpd -f {$bgpd_config_base}/bgpd.conf"); } } -// get the raw openbgpd confi file for manual inspection/editing +// Get the raw openbgpd config file for manual inspection/editing function openbgpd_get_raw_config() { $conf = PKG_BGPD_CONFIG_BASE . "/bgpd.conf"; - if (file_exists($conf)) + if (file_exists($conf)) { return file_get_contents($conf); - else + } else { return ""; + } } -// serialize the raw openbgpd config file to config.xml +// Serialize the raw openbgpd config file to config.xml function openbgpd_put_raw_config($conffile) { global $config; - if ($conffile == "") + if ($conffile == "") { unset($config['installedpackages']['openbgpd']['rawconfig']); - else { + } else { $config['installedpackages']['openbgpd']['rawconfig'] = array(); - $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n",$_POST['openbgpd_raw']); + $config['installedpackages']['openbgpd']['rawconfig']['item'] = explode("\n", $_POST['openbgpd_raw']); //$config['installedpackages']['openbgpd']['rawconfig'] = $conffile; } } @@ -322,20 +337,25 @@ function openbgpd_put_raw_config($conffile) { function check_group_usage($groupname) { global $config, $g; - if($config['installedpackages']['openbgpd']['config']) + if ($config['installedpackages']['openbgpd']['config']) { $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; - if($config['installedpackages']['openbgpd']['config'][0]['row']) + } + if ($config['installedpackages']['openbgpd']['config'][0]['row']) { $openbgpd_rows = &$config['installedpackages']['openbgpd']['config'][0]['row']; - if($config['installedpackages']['openbgpdgroups']['config']) + } + if ($config['installedpackages']['openbgpdgroups']['config']) { $openbgpd_groups = &$config['installedpackages']['openbgpdgroups']['config']; - if($config['installedpackages']['openbgpdneighbors']['config']) + } + if ($config['installedpackages']['openbgpdneighbors']['config']) { $openbgpd_neighbors = &$config['installedpackages']['openbgpdneighbors']['config']; + } - if(is_array($openbgpd_groups)) { - foreach($openbgpd_groups as $group) { - foreach($openbgpd_neighbors as $neighbor) { - if($neighbor['groupname'] == $group['name']) + if (is_array($openbgpd_groups)) { + foreach ($openbgpd_groups as $group) { + foreach ($openbgpd_neighbors as $neighbor) { + if ($neighbor['groupname'] == $group['name']) { return $neighbor['groupname']; + } } } } @@ -345,36 +365,39 @@ function check_group_usage($groupname) { function bgpd_validate_input() { global $config, $g, $input_errors; - - if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) + if (!empty($_POST['asnum']) && !is_numeric($_POST['asnum'])) { $input_errors[] = "AS must be entered as a number only."; + } - if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) + if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) { $input_errors[] = "Router ID must be an IP address."; + } - if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) + if (!empty($_POST['holdtime']) && !is_numeric($_POST['holdtime'])) { $input_errors[] = "Holdtime must be entered as a number."; + } - if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) + if (!empty($_POST['listenip']) && !is_ipaddr($_POST['listenip'])) { $input_errors[] = "Listen IP must be an IP address or blank to bind to all IPs."; - + } } function bgpd_validate_group() { global $config, $g, $id, $input_errors; - if (!is_numeric($_POST['remoteas'])) + if (!is_numeric($_POST['remoteas'])) { $input_errors[] = "Remote AS must be entered as a number only."; + } - if ($_POST['name'] == "") + if ($_POST['name'] == "") { $input_errors[] = "You must enter a name."; + } $_POST['name'] = remove_bad_chars($_POST['name']); - } function remove_bad_chars($string) { - return preg_replace('/[^a-z|_|0-9]/i','',$string); + return preg_replace('/[^a-z|_|0-9]/i','', $string); } function grey_out_value_boxes() { @@ -411,11 +434,12 @@ EOF; } function is_openbgpd_running() { - $status = `ps auxw | grep -c '[b]gpd.*parent'`; - if(intval($status) > 0) + $status = shell_exec("/bin/ps auxw | /usr/bin/grep -c '[b]gpd.*parent'"); + if (intval($status) > 0) { return true; - else + } else { return false; + } } function openbgpd_get_carp_status_by_ip($ipaddr) { @@ -423,8 +447,9 @@ function openbgpd_get_carp_status_by_ip($ipaddr) { if ($iface) { $status = get_carp_interface_status($iface); // If there is no status for that interface, return null. - if (!$status) + if (!$status) { $status = null; + } } else { // If there is no VIP by that IP, return null. $status = null; @@ -440,7 +465,7 @@ function openbgpd_plugin_carp($pluginparams) { // $pluginparams['interface'] contains the affected interface /* If there is no bgp config, then stop */ - if(is_array($config['installedpackages']['openbgpd']['config'])) { + if (is_array($config['installedpackages']['openbgpd']['config'])) { $openbgpd_conf = &$config['installedpackages']['openbgpd']['config'][0]; } else { return null; diff --git a/config/openbgpd/openbgpd_groups.xml b/config/openbgpd/openbgpd_groups.xml index 3ece75f2..2c6f8be7 100644 --- a/config/openbgpd/openbgpd_groups.xml +++ b/config/openbgpd/openbgpd_groups.xml @@ -2,47 +2,47 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - openbgpd_groups.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) - All rights reserved. - */ -/* ========================================================================== */ + openbgpd_groups.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>OpenBGPDGroups</name> - <version>1</version> + <version>0.9.3.6</version> <title>Services: OpenBGPD Groups</title> <include_file>/usr/local/pkg/openbgpd.inc</include_file> <tabs> @@ -59,11 +59,11 @@ <url>/pkg.php?xml=openbgpd_groups.xml</url> <active/> </tab> - <tab> - <text>Raw config</text> - <url>/openbgpd_raw.php</url> - </tab> - <tab> + <tab> + <text>Raw config</text> + <url>/openbgpd_raw.php</url> + </tab> + <tab> <text>Status</text> <url>/openbgpd_status.php</url> </tab> @@ -86,21 +86,18 @@ <field> <fielddescr>Name</fielddescr> <fieldname>name</fieldname> - <description></description> <type>input</type> <size>35</size> </field> <field> <fielddescr>Remote AS</fielddescr> <fieldname>remoteas</fieldname> - <description></description> <type>input</type> <size>8</size> </field> <field> <fielddescr>Description</fielddescr> <fieldname>descr</fieldname> - <description></description> <type>input</type> <size>80</size> </field> diff --git a/config/openbgpd/openbgpd_neighbors.xml b/config/openbgpd/openbgpd_neighbors.xml index 5553c022..6872b793 100644 --- a/config/openbgpd/openbgpd_neighbors.xml +++ b/config/openbgpd/openbgpd_neighbors.xml @@ -2,47 +2,47 @@ <!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - openbgpd_neighbors.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) - All rights reserved. - */ -/* ========================================================================== */ + openbgpd_neighbors.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>OpenBGPDNeighbors</name> - <version>1</version> + <version>0.9.3.6</version> <title>Services: OpenBGPD Neighbors</title> <include_file>/usr/local/pkg/openbgpd.inc</include_file> <tabs> @@ -76,7 +76,7 @@ <columnitem> <fielddescr>Group</fielddescr> <fieldname>groupname</fieldname> - </columnitem> + </columnitem> <columnitem> <fielddescr>Neighbor</fielddescr> <fieldname>neighbor</fieldname> @@ -100,13 +100,13 @@ <field> <fielddescr>TCP-MD5 key</fielddescr> <fieldname>md5sigkey</fieldname> - <description>The md5 key to communicate with the peer. Does not work with Cisco BGP routers. If the Local Addr option is not set listening ip will be used.</description> + <description>The MD5 key to communicate with the peer. Does not work with Cisco BGP routers. If the 'Local Addr' option is not set, listening IP will be used.</description> <type>input</type> </field> <field> <fielddescr>TCP-MD5 password</fielddescr> <fieldname>md5sigpass</fieldname> - <description>The md5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. If the Local Addr option is not set listenning ip will be used.</description> + <description>The MD5 password to communicate with the peer. Use this when communicating with a Cisco BGP router. If the 'Local Addr' option is not set, listening IP will be used.</description> <type>input</type> </field> <field> @@ -124,13 +124,13 @@ <field> <fielddescr>Neighbor Parameters</fielddescr> <fieldname>Neighbor Parameters</fieldname> - <type>rowhelper</type> - <rowhelper> + <type>rowhelper</type> + <rowhelper> <rowhelperfield> - <fielddescr>Parameters</fielddescr> - <fieldname>parameters</fieldname> - <description>Neighbor settings.</description> - <type>select</type> + <fielddescr>Parameters</fielddescr> + <fieldname>parameters</fieldname> + <description>Neighbor settings</description> + <type>select</type> <options> <option><name>Announce all</name><value>announce all</value></option> <option><name>Announce none</name><value>announce none</value></option> @@ -148,40 +148,42 @@ <option><name>Softreconfig out no</name><value>softreconfig out no</value></option> <option><name>Tcp md5sig password X</name><value>tcp md5sig password</value></option> <option><name>Local address X</name><value>local-address</value></option> - <option><name>set nexthop X</name><value>set nexthop</value></option> - <option><name>set nexthop blackhole</name><value>set nexthop blackhole</value></option> - <option><name>set nexthop reject</name><value>set nexthop reject</value></option> - <option><name>set nexthop no-modify</name><value>set nexthop no-modify</value></option> - <option><name>set nexthop self</name><value>set nexthop self</value></option> + <option><name>set nexthop X</name><value>set nexthop</value></option> + <option><name>set nexthop blackhole</name><value>set nexthop blackhole</value></option> + <option><name>set nexthop reject</name><value>set nexthop reject</value></option> + <option><name>set nexthop no-modify</name><value>set nexthop no-modify</value></option> + <option><name>set nexthop self</name><value>set nexthop self</value></option> </options> </rowhelperfield> <rowhelperfield> - <fielddescr>Value</fielddescr> - <fieldname>parmvalue</fieldname> - <type>input</type> - <size>25</size> + <fielddescr>Value</fielddescr> + <fieldname>parmvalue</fieldname> + <type>input</type> + <size>25</size> </rowhelperfield> - </rowhelper> + </rowhelper> </field> </fields> <custom_php_command_before_form> + <![CDATA[ $newoptions = array(); $new_groups = array(); - if($config['installedpackages']['openbgpdgroups']['config']) { - foreach($config['installedpackages']['openbgpdgroups']['config'] as $item) - $new_groups[] = $item['name']; - $counter = 0; - foreach($new_groups as $group) { + if ($config['installedpackages']['openbgpdgroups']['config']) { + foreach ($config['installedpackages']['openbgpdgroups']['config'] as $item) { + $new_groups[] = $item['name']; + } + $counter = 0; + foreach ($new_groups as $group) { $newoptions['option'][$counter]['name'] = $group; $newoptions['option'][$counter]['value'] = $group; $counter++; - } + } $newoptions['option'][$counter]['name'] = ""; - $newoptions['option'][$counter]['value'] = ""; + $newoptions['option'][$counter]['value'] = ""; $pkg['fields']['field'][4]['options'] = $newoptions; $counter = 0; - foreach($pkg['fields']['field'] as $field) { - if($field['name'] == "group") { + foreach ($pkg['fields']['field'] as $field) { + if ($field['name'] == "group") { $foundgroupid = $counter; echo "found it: $counter"; } @@ -190,11 +192,10 @@ } else { $newoptions['option'][0]['name'] = ""; $newoptions['option'][0]['value'] = ""; - $pkg['fields']['field'][4]['options'] =$newoptions; + $pkg['fields']['field'][4]['options'] = $newoptions; } + ]]> </custom_php_command_before_form> - <custom_php_deinstall_command> - </custom_php_deinstall_command> <custom_php_resync_config_command> openbgpd_install_conf(); </custom_php_resync_config_command> diff --git a/config/openbgpd/openbgpd_raw.php b/config/openbgpd/openbgpd_raw.php index ac6826b3..72a961a3 100644 --- a/config/openbgpd/openbgpd_raw.php +++ b/config/openbgpd/openbgpd_raw.php @@ -1,9 +1,9 @@ <?php -/* $Id$ */ /* openbgpd_raw.php - part of pfSense (https://www.pfsense.org/) - Copyright (C) 2009 Aarno Aukia (aarnoaukia@gmail.com) + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Aarno Aukia (aarnoaukia@gmail.com) + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,36 +27,26 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require("guiconfig.inc"); require("openbgpd.inc"); global $config; if (isset($_POST['openbgpd_raw'])) { - openbgpd_put_raw_config($_POST['openbgpd_raw']); - write_config(); - openbgpd_install_conf(); + openbgpd_put_raw_config($_POST['openbgpd_raw']); + write_config(); + openbgpd_install_conf(); } $openbgpd_raw = openbgpd_get_raw_config(); -if ($config['version'] >= 6) - $pgtitle = array("OpenBGPD", "Raw config"); -else - $pgtitle = "OpenBGPD: Raw config"; - +$pgtitle = array("OpenBGPD", "Raw config"); include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> -<?php - if ($config['version'] < 6) - echo '<p class="pgtitle">' . $pgtitle . '</font></p>'; -?> - <?php if ($savemsg) print_info_box($savemsg); ?> <div id="mainlevel"> @@ -71,29 +61,21 @@ include("head.inc"); display_top_tabs($tab_array); ?> </table> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <form action="openbgpd_raw.php" method="post" name="iform" id="iform"> - <tr> - <td class="tabcont" > - You can edit the raw bgpd.conf here.<br> - Note: Once you click "Save" below, the assistant (in the "Settings", "Neighbors" and "Groups" tabs above) will be overridden with whatever you type here. To get back the assisted config save this form below once with an empty input field. - </td> - </tr> - <tr> - <td class="tabcont" > - <textarea name="openbgpd_raw" rows="40" cols="80"><? echo $openbgpd_raw; ?></textarea> - </td> - </tr> - <tr> - <td> - <input name="Submit" type="submit" class="formbtn" value="Save"> <input class="formbtn" type="button" value="Cancel" on - click="history.back()"> - </td> - </tr> - </form> + <form action="openbgpd_raw.php" method="post" name="iform" id="iform"> + <tr><td class="tabcont" > + You can edit the raw bgpd.conf here.<br /> + Note: Once you click "Save" below, the assistant (in the "Settings", "Neighbors" and "Groups" tabs above) will be overridden with whatever you type here.<br /> + To get back the assisted config, save this form below once with an empty input field. + </td></tr> + <tr><td class="tabcont" > + <textarea name="openbgpd_raw" rows="40" cols="80"><? echo $openbgpd_raw; ?></textarea> + </td></tr> + <tr><td> + <input name="Submit" type="submit" class="formbtn" value="Save" /><input class="formbtn" type="button" value="Cancel" onclick="history.back()" /> + </td></tr> + </form> </table> - </div> <?php include("fend.inc"); ?> diff --git a/config/openbgpd/openbgpd_status.php b/config/openbgpd/openbgpd_status.php index 58d63795..ed23499f 100644 --- a/config/openbgpd/openbgpd_status.php +++ b/config/openbgpd/openbgpd_status.php @@ -1,9 +1,9 @@ <?php -/* $Id$ */ /* openbgpd_status.php - part of pfSense (https://www.pfsense.org/) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2007 Scott Ullrich (sullrich@gmail.com) + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -27,36 +27,32 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require("guiconfig.inc"); $commands = array(); -defCmdT("summary", "OpenBGPD Summary", "/usr/local/sbin/bgpctl show summary"); -defCmdT("interfaces", "OpenBGPD Interfaces", "/usr/local/sbin/bgpctl show interfaces"); -defCmdT("routing", "OpenBGPD Routing", "/usr/local/sbin/bgpctl show rib", true, 4); -defCmdT("forwarding", "OpenBGPD Forwarding", "/usr/local/sbin/bgpctl show fib", true, 5); -defCmdT("network", "OpenBGPD Network", "/usr/local/sbin/bgpctl show network"); -defCmdT("nexthops", "OpenBGPD Nexthops", "/usr/local/sbin/bgpctl show nexthop"); -defCmdT("ip", "OpenBGPD IP", "/usr/local/sbin/bgpctl show ip bgp", true, 4); -defCmdT("neighbors", "OpenBGPD Neighbors", "/usr/local/sbin/bgpctl show neighbor"); +defCmdT("summary", "OpenBGPD Summary", "/usr/local/sbin/bgpctl show summary"); +defCmdT("interfaces", "OpenBGPD Interfaces", "/usr/local/sbin/bgpctl show interfaces"); +defCmdT("routing", "OpenBGPD Routing", "/usr/local/sbin/bgpctl show rib", true, 4); +defCmdT("forwarding", "OpenBGPD Forwarding", "/usr/local/sbin/bgpctl show fib", true, 5); +defCmdT("network", "OpenBGPD Network", "/usr/local/sbin/bgpctl show network"); +defCmdT("nexthops", "OpenBGPD Nexthops", "/usr/local/sbin/bgpctl show nexthop"); +defCmdT("ip", "OpenBGPD IP", "/usr/local/sbin/bgpctl show ip bgp", true, 4); +defCmdT("neighbors", "OpenBGPD Neighbors", "/usr/local/sbin/bgpctl show neighbor"); if (isset($_REQUEST['isAjax'])) { if (isset($_REQUEST['cmd']) && isset($commands[$_REQUEST['cmd']])) { echo "{$_REQUEST['cmd']}\n"; - if (isset($_REQUEST['count'])) + if (isset($_REQUEST['count'])) { echo " of " . countCmdT($commands[$_REQUEST['cmd']]['command']) . " items"; - else + } else { echo htmlspecialchars_decode(doCmdT($commands[$_REQUEST['cmd']]['command'], $_REQUEST['limit'], $_REQUEST['filter'], $_REQUEST['header_size'])); + } } exit; } -if ($config['version'] >= 6) - $pgtitle = array("OpenBGPD", "Status"); -else - $pgtitle = "OpenBGPD: Status"; - +$pgtitle = array("OpenBGPD", "Status"); include("head.inc"); function doCmdT($command, $limit = "all", $filter = "", $header_size = 0) { @@ -88,9 +84,9 @@ function doCmdT($command, $limit = "all", $filter = "", $header_size = 0) { function countCmdT($command) { $fd = popen("{$command} 2>&1", "r"); $c = 0; - while (fgets($fd) !== FALSE) + while (fgets($fd) !== FALSE) { $c++; - + } pclose($fd); return $c; @@ -118,7 +114,7 @@ function showCmdT($idx, $data) { echo "</td></tr>\n"; } - echo "<tr><td colspan=\"2\" class=\"listlr\"><pre id=\"{$idx}\">"; /* no newline after pre */ + echo "<tr><td colspan=\"2\" class=\"listlr\"><pre id=\"{$idx}\">"; // no newline after pre echo "Gathering data, please wait...\n"; echo "</pre></td></tr>\n"; echo "</table>\n"; @@ -127,7 +123,7 @@ function showCmdT($idx, $data) { /* Define a command, with a title, to be executed later. */ function defCmdT($idx, $title, $command, $has_filter = false, $header_size = 0) { global $commands; - $title = htmlspecialchars($title,ENT_NOQUOTES); + $title = htmlspecialchars($title, ENT_NOQUOTES); $commands[$idx] = array( 'title' => $title, 'command' => $command, @@ -140,16 +136,18 @@ function listCmds() { global $commands; echo "<p>This status page includes the following information:\n"; echo "<ul width=\"700\">\n"; - foreach ($commands as $idx => $command) + foreach ($commands as $idx => $command) { echo "<li><strong><a href=\"#" . $command['title'] . "\">" . $command['title'] . "</a></strong></li>\n"; + } echo "</ul>\n"; } /* Execute all of the commands which were defined by a call to defCmd. */ function execCmds() { global $commands; - foreach ($commands as $idx => $command) + foreach ($commands as $idx => $command) { showCmdT($idx, $command); + } } ?> @@ -216,8 +214,9 @@ function execCmds() { function exec_all_cmds() { <?php foreach ($commands as $idx => $command) { - if ($command['has_filter']) + if ($command['has_filter']) { echo "\t\tupdate_count('{$idx}', {$command['header_size']});\n"; + } echo "\t\tupdate_filter('{$idx}', {$command['header_size']});\n"; } ?> @@ -231,11 +230,6 @@ else //]]> </script> -<?php - if ($config['version'] < 6) - echo '<p class="pgtitle">' . $pgtitle . '</font></p>'; -?> - <?php if ($savemsg) print_info_box($savemsg); ?> <div id="mainlevel"> @@ -251,17 +245,13 @@ else ?> </table> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr> - <td class="tabcont" > - - <div id="cmdspace" style="width:100%"> - <?php listCmds(); ?> - - <?php execCmds(); ?> - </div> + <tr><td class="tabcont" > + <div id="cmdspace" style="width:100%"> + <?php listCmds(); ?> - </td> - </tr> + <?php execCmds(); ?> + </div> + </td></tr> </table> </div> diff --git a/config/pfblockerng/countrycodes.tar.bz2 b/config/pfblockerng/countrycodes.tar.bz2 Binary files differindex 12cc1b5b..ea189de6 100644 --- a/config/pfblockerng/countrycodes.tar.bz2 +++ b/config/pfblockerng/countrycodes.tar.bz2 diff --git a/config/pfblockerng/pfblockerng.inc b/config/pfblockerng/pfblockerng.inc index 379ce223..646e54ca 100644 --- a/config/pfblockerng/pfblockerng.inc +++ b/config/pfblockerng/pfblockerng.inc @@ -2724,53 +2724,6 @@ function pfblockerng_validate_input($post, &$input_errors) { } } - -function pfblockerng_php_install_command() { - require_once("/usr/local/www/pfblockerng/pfblockerng.php"); - global $config,$pfb; - pfb_global(); - - // Remove previously used CC folder location if exists - @rmdir_recursive("{$pfb['dbdir']}/cc"); - - // Uncompress Country Code File - @copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2"); - exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2"); - // Download MaxMind Files and Create Country Code files and Build Continent XML Files - update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); - exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); - - update_output_window(gettext("MaxMind Country Database downloads completed...")); - update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); - pfblockerng_uc_countries(); - update_output_window(gettext("Creating pfBlockerNG Continenet XML Files...")); - pfblockerng_get_countries(); - update_output_window(gettext("Completed Creating pfBlockerNG Continenet XML Files...")); - - // Remove Original Maxmind Database Files - @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); - @unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); - @unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); - @unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); - - // Add Widget to Dashboard - update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); - if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { - // Restore previous Widget setting if "Keep" is enabled. - $config['widgets']['sequence'] = $pfb['widgets']; - } else { - $widgets = $config['widgets']['sequence']; - if (!preg_match("/pfblockerng-container/", $widgets)) { - if (empty($widgets)) { - $config['widgets']['sequence'] = "pfblockerng-container:col2:show"; - } else { - $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show"; - } - } - } -} - - function pfblockerng_php_deinstall_command() { require_once("config.inc"); global $config,$pfb; @@ -3030,4 +2983,4 @@ function pfblockerng_do_xmlrpc_sync($sync_to_ip, $port, $protocol, $username, $p } return $success; } -?>
\ No newline at end of file +?> diff --git a/config/pfblockerng/pfblockerng.php b/config/pfblockerng/pfblockerng.php index f69983e2..83b0ed8d 100644 --- a/config/pfblockerng/pfblockerng.php +++ b/config/pfblockerng/pfblockerng.php @@ -189,7 +189,7 @@ function pfb_update_check($header_url, $list_url, $url_format, $pfbfolder) { if (file_exists($local_file)) { // Determine if URL is Remote or Local if ($host['host'] == "127.0.0.1" || $host['host'] == $pfb['iplocal'] || empty($host['host'])) { - $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($local_file)); + $remote_tds = gmdate ("D, d M Y H:i:s T", filemtime($list_url)); } else { $remote_tds = @implode(preg_grep("/Last-Modified/", get_headers($list_url))); $remote_tds = preg_replace("/^Last-Modified: /","", $remote_tds); diff --git a/config/pfblockerng/pfblockerng.sh b/config/pfblockerng/pfblockerng.sh index 13e14760..5858b08b 100644 --- a/config/pfblockerng/pfblockerng.sh +++ b/config/pfblockerng/pfblockerng.sh @@ -235,11 +235,11 @@ cp $pfbdeny$alias".txt" $tempfile; > $dedupfile data255="$(cut -d '.' -f 1-3 $tempfile | awk '{a[$0]++}END{for(i in a){if(a[i] > 255){print i}}}')" if [ ! -z "$data255" ]; then for ip in $data255; do - ii=$(echo "^$ip" | sed 's/\./\\\./g') + ii=$(echo "^$ip." | sed 's/\./\\\./g') grep $ii $tempfile >> $dedupfile done awk 'FNR==NR{a[$0];next}!($0 in a)' $dedupfile $tempfile > $pfbdeny$alias".txt" - for ip in $data255; do echo $ip"0/24" >> $pfbdeny$alias".txt"; done + for ip in $data255; do echo $ip".0/24" >> $pfbdeny$alias".txt"; done fi } @@ -252,6 +252,8 @@ dupcheck=yes hcheck=$(grep -c ^ $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi # Check if Alias exists in Masterfile lcheck=$(grep -m 1 "$alias " $masterfile ); if [ "$lcheck" == "" ]; then dupcheck=no; fi +# Check for single alias in masterfile +aliaslist=$(cut -d' ' -f1 $masterfile | sort | uniq); if [ "$alias" == "$aliaslist" ]; then hcheck="0"; fi if [ "$dupcheck" == "yes" ]; then # Grep Alias with a trailing Space character @@ -332,7 +334,6 @@ if [ -e "$pfbsuppression" ] && [ -s "$pfbsuppression" ]; then octet4=$(echo $ip | cut -d '.' -f 4 | sed 's/\/.*//') dcheck=$(grep $iptrim".0/24" $dupfile) if [ "$dcheck" == "" ]; then - echo $iptrim".0" >> $tempfile echo $iptrim".0/24" >> $dupfile counter=$(($counter + 1)) # Add Individual IP addresses from Range excluding Suppressed IP @@ -424,6 +425,8 @@ dupcheck=yes hcheck=$(grep -cv "^$" $masterfile); if [ "$hcheck" -eq "0" ]; then dupcheck=no; fi # Check if Alias exists in Masterfile lcheck=$(grep -m1 "$alias " $masterfile); if [ "$lcheck" == "" ]; then dupcheck=no; fi +# Check for single alias in masterfile +aliaslist=$(cut -d' ' -f1 $masterfile | sort | uniq); if [ "$alias" == "$aliaslist" ]; then hcheck="0"; fi if [ "$dupcheck" == "yes" ]; then # Grep Alias with a trailing Space character @@ -478,7 +481,7 @@ fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; > $matchfile; > $tempmatchfile; count=0; dcount=0; mcount=0; mmcount=0 echo; echo "Querying for Repeat Offenders" -data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt | +data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs cut -d '.' -f 1-3 | awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")" count=$(echo "$data" | grep -c ^) if [ "$data" == "" ]; then count=0; fi @@ -605,7 +608,7 @@ fi > $tempfile; > $tempfile2; > $dupfile; > $addfile; > $dedupfile; count=0; dcount=0 echo; echo "=====================================================================" echo; echo "Querying for Repeat Offenders" -data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | cut -d '.' -f 1-3 $pfbdeny*.txt | +data="$(find $pfbdeny ! -name "pfB*.txt" ! -name "*_v6.txt" -type f | xargs cut -d '.' -f 1-3 | awk -v max="$max" '{a[$0]++}END{for(i in a){if(a[i] > max){print i}}}' | grep -v "^1\.1\.1")" count=$(echo "$data" | grep -c ^) if [ "$data" == "" ]; then count=0; fi diff --git a/config/pfblockerng/pfblockerng.xml b/config/pfblockerng/pfblockerng.xml index 218b22e1..d3b2cb16 100644 --- a/config/pfblockerng/pfblockerng.xml +++ b/config/pfblockerng/pfblockerng.xml @@ -71,6 +71,10 @@ <chmod>0644</chmod> </additional_files_needed> <additional_files_needed> + <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng_install.inc</item> + <prefix>/usr/local/pkg/pfblockerng/</prefix> + </additional_files_needed> + <additional_files_needed> <item>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.php</item> <prefix>/usr/local/www/pfblockerng/</prefix> <chmod>0644</chmod> @@ -542,10 +546,14 @@ </field> </fields> <custom_php_install_command> - pfblockerng_php_install_command(); + <![CDATA[ + include_once('/usr/local/pkg/pfblockerng/pfblockerng_install.inc'); + ]]> </custom_php_install_command> <custom_php_deinstall_command> + <![CDATA[ pfblockerng_php_deinstall_command(); + ]]> </custom_php_deinstall_command> <custom_php_validation_command> pfblockerng_validate_input($_POST, $input_errors); diff --git a/config/pfblockerng/pfblockerng_alerts.php b/config/pfblockerng/pfblockerng_alerts.php index bfb15c07..7253d04d 100644 --- a/config/pfblockerng/pfblockerng_alerts.php +++ b/config/pfblockerng/pfblockerng_alerts.php @@ -451,7 +451,7 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi } // Skip Repeated Alerts - if (($pfbalert[3] . $pfbalert[8] . $pfbalert[10]) == $previous_dstip || ($pfbalert[3] . $pfbalert[7] . $pfbalert[9]) == $previous_srcip) { + if (($pfbalert[1] . $pfbalert[3] . $pfbalert[7] . $pfbalert[8] . $pfbalert[10]) == $previous_alert) { continue; } @@ -489,8 +489,7 @@ function conv_log_filter_lite($logfile, $nentries, $tail, $pfbdenycnt, $pfbpermi } // Collect Details for Repeated Alert Comparison - $previous_srcip = $pfbalert[3] . $pfbalert[7] . $pfbalert[9]; - $previous_dstip = $pfbalert[3] . $pfbalert[8] . $pfbalert[10]; + $previous_alert = $pfbalert[1] . $pfbalert[3] . $pfbalert[7] . $pfbalert[8] . $pfbalert[10]; } unset ($pfbalert, $logarr); return $fields_array; diff --git a/config/pfblockerng/pfblockerng_install.inc b/config/pfblockerng/pfblockerng_install.inc new file mode 100644 index 00000000..28fe373f --- /dev/null +++ b/config/pfblockerng/pfblockerng_install.inc @@ -0,0 +1,82 @@ +<?php +/* + pfBlockerNG_install.inc + + pfBlockerNG + Copyright (C) 2015 BBcan177@gmail.com + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +*/ + +// Install pfBlockerNG package, launched from pfblockerng.xml + +require_once('/usr/local/pkg/pfblockerng/pfblockerng.inc'); +require_once('/usr/local/www/pfblockerng/pfblockerng.php'); + +global $config, $pfb; +pfb_global(); + +// Remove previously used CC folder location if exists +@rmdir_recursive("{$pfb['dbdir']}/cc"); + +// Uncompress Country Code File +@copy("{$pfb['dbdir']}/countrycodes.tar.bz2", "{$pfb['ccdir']}/countrycodes.tar.bz2"); +exec("/usr/bin/tar -jx -C {$pfb['ccdir']} -f {$pfb['ccdir']}/countrycodes.tar.bz2"); +// Download MaxMind Files and Create Country Code files and Build Continent XML Files +update_output_window(gettext("Downloading MaxMind Country Databases. This may take a minute...")); +exec("/bin/sh /usr/local/pkg/pfblockerng/geoipupdate.sh all >> {$pfb['geolog']} 2>&1"); + +update_output_window(gettext("MaxMind Country Database downloads completed...")); +update_output_window(gettext("Converting MaxMind Country Databases for pfBlockerNG. This may take a few minutes...")); +pfblockerng_uc_countries(); +update_output_window(gettext("Creating pfBlockerNG Continent XML Files...")); +pfblockerng_get_countries(); +update_output_window(gettext("Completed Creating pfBlockerNG Continent XML Files...")); + +// Remove Original Maxmind Database Files +@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryCSV.zip"); +@unlink_if_exists("{$pfb['dbdir']}/GeoIPCountryWhois.csv"); +@unlink_if_exists("{$pfb['dbdir']}/GeoIPv6.csv"); +@unlink_if_exists("{$pfb['dbdir']}/country_continent.csv"); + +// Add Widget to Dashboard +update_output_window(gettext("Adding pfBlockerNG Widget to Dashboard.")); +if ($pfb['keep'] == "on" && !empty($pfb['widgets'])) { + // Restore previous Widget setting if "Keep" is enabled. + $config['widgets']['sequence'] = $pfb['widgets']; +} else { + $widgets = $config['widgets']['sequence']; + if (!preg_match("/pfblockerng-container/", $widgets)) { + if (empty($widgets)) { + $config['widgets']['sequence'] = "pfblockerng-container:col2:show"; + } else { + $config['widgets']['sequence'] .= ",pfblockerng-container:col2:show"; + } + } +} +return TRUE; + +?>
\ No newline at end of file diff --git a/config/pfblockerng/pfblockerng_top20.xml b/config/pfblockerng/pfblockerng_top20.xml index 32ed52e8..030c1385 100644 --- a/config/pfblockerng/pfblockerng_top20.xml +++ b/config/pfblockerng/pfblockerng_top20.xml @@ -132,6 +132,17 @@ <type>listtopic</type> </field> <field> + <description><![CDATA[<font color='red'>Note:</font> pfSense by default implicitly blocks all unsolicited inbound traffic to the WAN + interface. Therefore adding GeoIP based firewall rules to the WAN will <strong>not</strong> provide any benefit, unless there are + open WAN ports. Also consider protecting just the specific open WAN ports. It's also <strong>not</strong> recommended to + block the 'world', instead consider rules to 'Permit' traffic from selected Countries only. Finally, it's just as important + to protect the outbound LAN traffic.]]> + </description> + <type>info</type> + <dontdisplayname/> + <usecolspan2/> + </field> + <field> <fielddescr>LINKS</fielddescr> <description><![CDATA[<a href="/firewall_aliases.php">Firewall Alias</a> <a href="/firewall_rules.php">Firewall Rules</a> <a href="diag_logs_filter.php">Firewall Logs</a>]]> diff --git a/config/pfblockerng/pfblockerng_update.php b/config/pfblockerng/pfblockerng_update.php index e63d04dc..7911a4e6 100644 --- a/config/pfblockerng/pfblockerng_update.php +++ b/config/pfblockerng/pfblockerng_update.php @@ -207,9 +207,9 @@ include_once("head.inc"); <tr> <td colspan="2" class="listr"> <?php - if ($pfb['enable'] == "on") { + if ($pfb['enable'] == 'on') { - /* Legend - Time Variables + /* Legend - Time variables $pfb['interval'] Hour interval setting (1,2,3,4,6,8,12,24) $pfb['min'] Cron minute start time (0-23) @@ -218,92 +218,70 @@ include_once("head.inc"); $currenthour Current hour $currentmin Current minute + $currentsec Current second + $currentdaysec Total number of seconds elapsed so far in the day $cron_hour_begin First cron hour setting (interval 2-24) $cron_hour_next Next cron hour setting (interval 2-24) - $max_min_remain Max minutes to next cron (not including currentmin) - $min_remain Total minutes remaining to next cron - $min_final The minute component in hour:min - $nextcron Next cron event in hour:mins - $cronreal Time remaining to next cron in hours:mins */ + $cronreal Time remaining to next cron in hours:mins:secs */ $currenthour = date('G'); $currentmin = date('i'); + $currentsec = date('s'); + $currentdaysec = ($currenthour * 3600) + ($currentmin * 60) + $currentsec; if ($pfb['interval'] == 1) { - if (($currenthour + ($currentmin/60)) <= ($pfb['hour'] + ($pfb['min']/60))) { + if ($currentmin < $pfb['min']) { $cron_hour_next = $currenthour; } else { - $cron_hour_next = $currenthour + 1; - } - if (($currenthour + ($pfb['min']/60)) >= 24) { - $cron_hour_next = $pfb['hour']; + $cron_hour_next = ($currenthour + 1) % 24; } - $max_min_remain = 60 + $pfb['min']; } elseif ($pfb['interval'] == 24) { - $cron_hour_next = $cron_hour_begin = $pfb['24hour'] != '' ? $pfb['24hour'] : '00'; + $cron_hour_next = $cron_hour_begin = !empty($pfb['24hour']) ?: '00'; } else { - // Find Next Cron hour schedule + // Find next cron hour schedule $crondata = pfb_cron_base_hour(); + $cron_hour_begin = 0; + $cron_hour_next = ''; if (!empty($crondata)) { foreach ($crondata as $key => $line) { if ($key == 0) { $cron_hour_begin = $line; } - if ($line > $currenthour) { + if (($line * 3600) + ($pfb['min'] * 60) > $currentdaysec) { $cron_hour_next = $line; break; } } } - - // Roll over to First cron hour setting - if (!isset($cron_hour_next)) { - if (empty($cron_hour_begin)) { - // $cron_hour_begin is hour '0' - $cron_hour_next = (24 - $currenthour); - } else { - $cron_hour_next = $cron_hour_begin; - } - } - } - - if ($pfb['interval'] != 1) { - if (($currenthour + ($currentmin/60)) <= ($cron_hour_next + ($pfb['min']/60))) { - $max_min_remain = (($cron_hour_next - $currenthour) * 60) + $pfb['min']; - } else { - $max_min_remain = ((24 - $currenthour + $cron_hour_begin) * 60) + $pfb['min']; + // Roll over to the first cron hour setting + if (empty($cron_hour_next)) { $cron_hour_next = $cron_hour_begin; } } - $min_remain = ($max_min_remain - $currentmin); - $min_final = ($min_remain % 60); - $sec_final = (60 - date('s')); - - if (strlen($sec_final) == 1) { - $sec_final = '0' . $sec_final; - } - if (strlen($min_final) == 1) { - $min_final = '0' . $min_final; - } - if (strlen($cron_hour_next) == 1) { - $cron_hour_next = '0' . $cron_hour_next; - } - - if ($min_remain > 59) { - $nextcron = floor($min_remain / 60) . ':' . $min_final . ':' . $sec_final; + $cron_seconds_next = ($cron_hour_next * 3600) + ($pfb['min'] * 60); + if ($currentdaysec < $cron_seconds_next) { + // The next cron job is ahead of us in the day + $sec_remain = $cron_seconds_next - $currentdaysec; } else { - $nextcron = '00:' . $min_final . ':' . $sec_final; + // The next cron job is tomorrow + $sec_remain = (24*60*60) + $cron_seconds_next - $currentdaysec; } - if ($pfb['min'] == 0) { - $pfb['min'] = '00'; - } + // Ensure hour:min:sec variables are two digit + $pfb['min'] = str_pad($pfb['min'], 2, '0', STR_PAD_LEFT); + $sec_final = str_pad(($sec_remain % 60), 2, '0', STR_PAD_LEFT); + $min_remain = str_pad(floor($sec_remain / 60), 2, '0', STR_PAD_LEFT); + $min_final = str_pad(($min_remain % 60), 2, '0', STR_PAD_LEFT); + $hour_final = str_pad(floor($min_remain / 60), 2, '0', STR_PAD_LEFT); + $cron_hour_next = str_pad($cron_hour_next, 2, '0', STR_PAD_LEFT); + $cronreal = "{$cron_hour_next}:{$pfb['min']}"; + $nextcron = "{$hour_final}:{$min_final}:{$sec_final}"; } if (empty($pfb['enable']) || empty($cron_hour_next)) { @@ -314,9 +292,8 @@ include_once("head.inc"); echo "NEXT Scheduled CRON Event will run at <font size=\"3\"> {$cronreal}</font> with <font size=\"3\"><span class=\"red\"> {$nextcron} </span></font> time remaining."; - // Query for any Active pfBlockerNG CRON Jobs - $result_cron = array(); - $cron_event = exec ("/bin/ps -wax", $result_cron); + // Query for any active pfBlockerNG CRON jobs + exec ('/bin/ps -wax', $result_cron); if (preg_grep("/pfblockerng[.]php\s+cron/", $result_cron)) { echo "<font size=\"2\"><span class=\"red\"> Active pfBlockerNG CRON Job </span></font> "; diff --git a/config/quagga_ospfd/quagga_ospfd.inc b/config/quagga_ospfd/quagga_ospfd.inc index 140bac8a..34900e76 100644 --- a/config/quagga_ospfd/quagga_ospfd.inc +++ b/config/quagga_ospfd/quagga_ospfd.inc @@ -1,9 +1,10 @@ <?php /* quagga_ospfd.inc - Copyright (C) 2010 Ermal Lu�i + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Ermal Luçi Copyright (C) 2012 Jim Pingle - part of pfSense + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -46,7 +47,7 @@ function quagga_ospfd_get_interfaces() { $interfaces = get_configured_interface_with_descr(); $ospf_ifs = array(); foreach ($interfaces as $iface => $ifacename) { - $tmp["name"] = $ifacename; + $tmp["name"] = $ifacename; $tmp["value"] = $iface; $ospf_ifs[] = $tmp; } @@ -55,7 +56,7 @@ function quagga_ospfd_get_interfaces() { if (is_array($config['openvpn']["openvpn-{$mode}"])) { foreach ($config['openvpn']["openvpn-{$mode}"] as $id => $setting) { if (!isset($setting['disable'])) { - $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); + $tmp["name"] = gettext("OpenVPN") . " ".$mode.": ".htmlspecialchars($setting['description']); $tmp["value"] = 'ovpn' . substr($mode, 0, 1) . $setting['vpnid']; $ospf_ifs[] = $tmp; } @@ -74,11 +75,11 @@ function quagga_ospfd_install_conf() { $quagga_config_base = PKG_QUAGGA_CONFIG_BASE; $noaccept = ""; - + // generate ospfd.conf based on the assistant - if(is_array($config['installedpackages']['quaggaospfd']['config'])) + if(is_array($config['installedpackages']['quaggaospfd']['config'])) { $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; - else { + } else { log_error("Quagga OSPFd: No config data found."); return; } @@ -90,11 +91,12 @@ function quagga_ospfd_install_conf() { } else { $conffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; - if($ospfd_conf['password']) + if($ospfd_conf['password']) { $conffile .= "password {$ospfd_conf['password']}\n"; - - if ($ospfd_conf['logging']) + } + if ($ospfd_conf['logging']) { $conffile .= "log syslog\n"; + } /* Interface Settings */ $passive_interfaces = array(); @@ -113,7 +115,7 @@ function quagga_ospfd_install_conf() { if ($conf['md5password'] && !empty($conf['password'])) { $conffile .= " ip ospf authentication message-digest\n"; $conffile .= " ip ospf message-digest-key 1 md5 " . substr($conf['password'], 0, 15) . "\n"; - } else if (!empty($conf['password'])) { + } elseif (!empty($conf['password'])) { $conffile .= " ip ospf authentication-key " . substr($conf['password'], 0, 8) . "\n"; } if (!empty($conf['routerpriorityelections'])) { @@ -124,38 +126,36 @@ function quagga_ospfd_install_conf() { } if (!empty($conf['deadtimer'])) { $conffile .= " ip ospf dead-interval {$conf['deadtimer']}\n"; - } + } if (!empty($conf['passive'])) { $passive_interfaces[] = $realif; } $interface_ip = find_interface_ip($realif); $interface_subnet = find_interface_subnet($realif); /* Cheap hack since point-to-points won't attach if /32 is used. */ - if ($interface_subnet == 32) + if ($interface_subnet == 32) { $interface_subnet = 30; + } $subnet = gen_subnet($interface_ip, $interface_subnet); if (!empty($conf['acceptfilter'])) { $noaccept .= "ip prefix-list ACCEPTFILTER deny {$subnet}/{$interface_subnet}\n"; } if (!empty($conf['interfacearea'])) { $interface_networks[] = array( "subnet" => "{$subnet}/{$interface_subnet}", "area" => $conf['interfacearea']); - } - else { + } else { $interface_networks[] = array( "subnet" => "{$subnet}/{$interface_subnet}", "area" => $ospfd_conf['area']); } - - - } } - + $redist = ""; $noredist = ""; if (is_array($ospfd_conf['row'])) { foreach ($ospfd_conf['row'] as $redistr) { - if (empty($redistr['routevalue'])) + if (empty($redistr['routevalue'])) { continue; + } if (isset($redistr['acceptfilter'])) { $noaccept .= "ip prefix-list ACCEPTFILTER deny {$redistr['routevalue']}\n"; } @@ -173,55 +173,60 @@ function quagga_ospfd_install_conf() { $conffile .= "\n\nrouter ospf\n"; // Specify router id - if($ospfd_conf['routerid']) + if ($ospfd_conf['routerid']) { $conffile .= " ospf router-id {$ospfd_conf['routerid']}\n"; - - if ($ospfd_conf['updatefib']) + } + if ($ospfd_conf['updatefib']) { $conffile .= " area {$ospfd_conf['area']} stub\n"; - - if ($ospfd_conf['logging'] && $ospfd_conf['adjacencylog']) + } + if ($ospfd_conf['logging'] && $ospfd_conf['adjacencylog']) { $conffile .= " log-adjacency-changes detail\n"; - - if ($ospfd_conf['redistributeconnectedsubnets']) + } + if ($ospfd_conf['redistributeconnectedsubnets']) { $conffile .= " redistribute connected\n"; - - if ($ospfd_conf['redistributestatic']) + } + if ($ospfd_conf['redistributestatic']) { $conffile .= " redistribute static\n"; - - if ($ospfd_conf['redistributekernel']) + } + if ($ospfd_conf['redistributekernel']) { $conffile .= " redistribute kernel\n"; - - - if ($ospfd_conf['redistributedefaultroute']) + } + if ($ospfd_conf['redistributedefaultroute']) { $conffile .= " default-information originate\n"; - + } if ($ospfd_conf['spfholdtime'] || $ospfd_conf['spfdelay']) { $spf_minhold = ($ospfd_conf['spfholdtime']) ? $ospfd_conf['spfholdtime'] : 1000; $spf_maxhold = $spf_minhold * 10; $spf_delay = ($ospfd_conf['spfdelay']) ? $ospfd_conf['spfdelay'] : 200; $conffile .= " timers throttle spf {$spf_delay} {$spf_minhold} {$spf_maxhold}\n"; } - - if ($ospfd_conf['rfc1583']) + if ($ospfd_conf['rfc1583']) { $conffile .= " ospf rfc1583compatibility\n"; - + } if (is_array($passive_interfaces)) { foreach ($passive_interfaces as $pint) $conffile .= " passive-interface {$pint}\n"; } - - if (is_array($interface_networks)) { foreach ($interface_networks as $ifn) { if (is_subnet($ifn['subnet'])) { - $conffile .= " network {$ifn['subnet']} area {$ifn['area']}\n"; - } + $conffile .= " network {$ifn['subnet']} area {$ifn['area']}\n"; + } } } - - if (!empty($redist)) + if ($conf['md5password'] && !empty($conf['password']) && !empty($conf['interfacearea'])) { + $conffile .= " area {$conf['interfacearea']} authentication message-digest\n"; + } elseif ($conf['md5password'] && !empty($conf['password']) && empty($conf['interfacearea'])) { + $conffile .= " area 0.0.0.0 authentication message-digest\n"; + } + if ($conf['password'] && empty($conf['md5password']) && !empty($conf['interfacearea'])) { + $conffile .= " area {$conf['interfacearea']} authentication\n"; + } elseif ($conf['password'] && empty($conf['md5password']) && empty($conf['interfacearea'])) { + $conffile .= " area 0.0.0.0 authentication\n"; + } + if (!empty($redist)) { $conffile .= $redist; - + } if (!empty($noredist)) { $conffile .= " distribute-list dnr-list out connected\n"; $conffile .= " distribute-list dnr-list out kernel\n"; @@ -248,10 +253,12 @@ function quagga_ospfd_install_conf() { $zebraconffile = str_replace("\r","",base64_decode($config['installedpackages']['quaggaospfdraw']['config'][0]['zebra'])); } else { $zebraconffile = "# This file was created by the pfSense package manager. Do not edit!\n\n"; - if($ospfd_conf['password']) + if($ospfd_conf['password']) { $zebraconffile .= "password {$ospfd_conf['password']}\n"; - if ($ospfd_conf['logging']) + } + if ($ospfd_conf['logging']) { $zebraconffile .= "log syslog\n"; + } if (!empty($noaccept)) { $zebraconffile .= $noaccept; $zebraconffile .= "ip prefix-list ACCEPTFILTER permit any\n"; @@ -381,31 +388,40 @@ function quagga_ospfd_validate_interface() { if ($config['installedpackages']['quaggaospfdinterfaces']['config']) { foreach ($config['installedpackages']['quaggaospfdinterfaces']['config'] as $index => $conf) { - if ($index == 0) + if ($index == 0) { continue; - if ($id != $index && $conf['interface'] == $_POST['interface']) + } + if ($id != $index && $conf['interface'] == $_POST['interface']) { $input_errors[] = "Interface {$_POST['interface']} is already configured."; + } } } - if ($_POST['md5password'] && empty($_POST['password'])) + if ($_POST['md5password'] && empty($_POST['password'])) { $input_errors[] = "Please input a password."; + } } function quagga_ospfd_validate_input() { global $config, $g, $input_errors; - if ($_POST['password'] <> "" && (strpos($_POST['password'], "'") !== false)) + if ($_POST['password'] <> "" && (strpos($_POST['password'], "'") !== false)) { $input_errors[] = "Password cannot contain a single quote (')"; - if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) + } + if (!empty($_POST['routerid']) && !is_ipaddr($_POST['routerid'])) { $input_errors[] = "Router ID must be an address."; - if (!is_ipaddr($_POST['area'])) + } + if (!is_ipaddr($_POST['area'])) { $input_errors[] = "Area needs to be a valid ip_address."; - if ($_POST['spfholdtime'] <> "" && ($_POST['spfholdtime'] < 1 || $_POST['spfholdtime'] > 5)) + } + if ($_POST['spfholdtime'] <> "" && ($_POST['spfholdtime'] < 1 || $_POST['spfholdtime'] > 5)) { $input_errors[] = "SPF holdtime needs to be between 1 and 5."; - if ($_POST['spfdelay'] <> "" && ($_POST['spfdelay'] < 1 || $_POST['spfdelay'] > 10)) + } + if ($_POST['spfdelay'] <> "" && ($_POST['spfdelay'] < 1 || $_POST['spfdelay'] > 10)) { $input_errors[] = "SPF delay needs to be between 1 and 10."; - if (!$config['installedpackages']['quaggaospfdinterfaces']['config']) + } + if (!$config['installedpackages']['quaggaospfdinterfaces']['config']) { $input_errors[] = "Please select an interface to use for Quagga OSPFd."; + } } function quagga_get_carp_status_by_ip($ipaddr) { @@ -413,8 +429,9 @@ function quagga_get_carp_status_by_ip($ipaddr) { if ($iface) { $status = get_carp_interface_status($iface); // If there is no status for that interface, return null. - if (!$status) + if (!$status) { $status = null; + } } else { // If there is no VIP by that IP, return null. $status = null; @@ -430,7 +447,7 @@ function quagga_ospfd_plugin_carp($pluginparams) { // $pluginparams['interface'] contains the affected interface /* If there is no OSPF config, then stop */ - if(is_array($config['installedpackages']['quaggaospfd']['config'])) { + if (is_array($config['installedpackages']['quaggaospfd']['config'])) { $ospfd_conf = &$config['installedpackages']['quaggaospfd']['config'][0]; } else { return null; diff --git a/config/quagga_ospfd/status_ospfd.php b/config/quagga_ospfd/status_ospfd.php index 8ecf19d0..b291655d 100644 --- a/config/quagga_ospfd/status_ospfd.php +++ b/config/quagga_ospfd/status_ospfd.php @@ -1,8 +1,10 @@ <?php /* status_ospfd.php - Copyright (C) 2010 Nick Buraglio; nick@buraglio.com + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2010 Nick Buraglio <nick@buraglio.com> Copyright (C) 2010 Scott Ullrich <sullrich@pfsense.org> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -16,7 +18,7 @@ documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF @@ -26,14 +28,13 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require("guiconfig.inc"); $pgtitle = "Quagga OSPF: Status"; include("head.inc"); $control_script = "/usr/local/bin/quaggactl"; -$pkg_homedir = "/var/etc/quagga"; +$pkg_homedir = "/var/etc/quagga"; /* List all of the commands as an index. */ function listCmds() { @@ -61,11 +62,12 @@ function defCmdT($title, $command) { } function doCmdT($title, $command) { - echo "<p>\n"; + echo "<br />\n"; echo "<a name=\"" . $title . "\">\n"; echo "<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">\n"; echo "<tr><td class=\"listtopic\">" . $title . "</td></tr>\n"; - echo "<tr><td class=\"listlr\"><pre>"; /* no newline after pre */ + /* no newline after pre */ + echo "<tr><td class=\"listlr\"><pre>"; $execOutput = ""; $execStatus = ""; @@ -86,7 +88,7 @@ function doCmdT($title, $command) { <?php if ($savemsg) print_info_box($savemsg); ?> <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td class="tabnavtbl"> + <tr><td class="tabnavtbl"> <?php $tab_array = array(); $tab_array[] = array(gettext("Settings"), false, "/pkg_edit.php?xml=quagga_ospfd.xml&id=0"); @@ -96,8 +98,7 @@ function doCmdT($title, $command) { display_top_tabs($tab_array); ?> </td></tr> - <tr> - <td> + <tr><td> <div id="mainarea"> <table class="tabcont" width="100%" border="0" cellpadding="6" cellspacing="0"> <tr> @@ -123,8 +124,7 @@ function doCmdT($title, $command) { </tr> </table> </div> - </td> - </tr> + </td></tr> </table> <?php include("fend.inc"); ?> </body> diff --git a/config/sarg/sarg.inc b/config/sarg/sarg.inc index ce2617e1..446b5f82 100644 --- a/config/sarg/sarg.inc +++ b/config/sarg/sarg.inc @@ -1,540 +1,557 @@ <?php -/* ========================================================================== */ /* sarg.inc - part of pfSense (http://www.pfSense.com) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2007 Joao Henrique F. Freitas - Copyright (C) 2012-2013 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version == "2.1" || $pf_version == "2.2"){ + Copyright (C) 2012-2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); +if ($pf_version == "2.1" || $pf_version == "2.2") { // Function to get squidGuard directory // each squidGuard version has a different directory function getsqGuardDir() { - foreach (glob("/usr/pbi/*",GLOB_ONLYDIR) as $dirname) { + foreach (glob("/usr/pbi/*", GLOB_ONLYDIR) as $dirname) { if (preg_match("/squidguard-/i", $dirname)) { return trim($dirname); break; } } } + define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m")); + define('SQGARD_DIR', getsqGuardDir()); + define('SQUID_DIR', '/usr/pbi/squid-' . php_uname("m")); + define('DANSG_DIR', '/usr/pbi/dansguardian-' . php_uname("m")); +} else { + define('SARG_DIR', '/usr/local'); + define('SQGARD_DIR', '/usr/local'); + define('SQUID_DIR', '/usr/local'); + define('DANSG_DIR', '/usr/local'); +} - define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m")); - define('SQGARD_DIR', getsqGuardDir()); - define('SQUID_DIR', '/usr/pbi/squid-' . php_uname("m")); - define('DANSG_DIR', '/usr/pbi/dansguardian-' . php_uname("m")); - } -else{ - define('SARG_DIR', '/usr/local'); - define('SQGARD_DIR', '/usr/local'); - define('SQUID_DIR', '/usr/local'); - define('DANSG_DIR', '/usr/local'); +$uname = posix_uname(); +if ($uname['machine']=='amd64') { + ini_set('memory_limit', '250M'); } - -$uname=posix_uname(); -if ($uname['machine']=='amd64') - ini_set('memory_limit', '250M'); // STATIC VARS -$sarg_proxy=array( 'squid_rc'=> SQUID_DIR . '/etc/rc.d/squid.sh', - 'squid_config'=> '/var/squid/logs/access.log', - 'squidguard_config'=> SQGARD_DIR . '/etc/squidGuard/squidGuard.conf', - 'squidguard_block_log'=>'/var/squidGuard/log/block.log', - 'dansguardian_config'=> DANSG_DIR . '/etc/dansguardian/dansguardian.conf', - 'dansguardian_log'=>'/var/log/dansguardian/access.log'); - +$sarg_proxy['squid_rc'] = SQUID_DIR . '/etc/rc.d/squid.sh'; +$sarg_proxy['squid_config'] = '/var/squid/logs/access.log'; +$sarg_proxy['squidguard_config'] = SQGARD_DIR . '/etc/squidGuard/squidGuard.conf'; +$sarg_proxy['squidguard_block_log'] = '/var/squidGuard/log/block.log'; +$sarg_proxy['dansguardian_config'] = DANSG_DIR . '/etc/dansguardian/dansguardian.conf'; +$sarg_proxy['dansguardian_log'] = '/var/log/dansguardian/access.log'; // END STATIC VARS -function sarg_start() { - global $g, $config; - - // reserved -} - -function sarg_text_area_decode($text){ - return preg_replace('/\r\n/', "\n",base64_decode($text)); +function sarg_text_area_decode($text) { + return preg_replace('/\r\n/', "\n", base64_decode($text)); } function sarg_resync() { - global $config; - if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit'])) - sync_package_sarg(); - if ($_POST['Submit'] == 'Force update now') - run_sarg(); - + global $config; + if (($_POST['Submit'] == 'Save') || !isset($_POST['Submit'])) { + sync_package_sarg(); + } + if ($_POST['Submit'] == 'Force update now') { + run_sarg(); + } } -function log_rotate($log_file){ + +function log_rotate($log_file) { global $config, $g; - - #remove .10 rotate log file - unlink_if_exists("$log_file".".10"); - #rotate logs from 9 to 0 - $i=9; - while ($i>=0){ - if (file_exists($log_file.".".$i)) - rename ($log_file.".".$i,$log_file.".".($i+1)); - $i=$i-1; - } - #rotate current log - if (file_exists("$log_file")) - rename ($log_file,$log_file.".0"); + + // remove .10 rotate log file + unlink_if_exists("{$log_file}.10"); + // rotate logs from 9 to 0 + $i = 9; + while ($i >= 0) { + if (file_exists("{$log_file}.{$i}")) { + rename("{$log_file}.{$i}", "{$log_file}" . ($i + 1)); + } + $i = $i - 1; + } + // rotate current log + if (file_exists("$log_file")) { + rename("{$log_file}", "{$log_file}.0"); + } } -function run_sarg($id=-1) { - global $config, $g,$sarg_proxy; - #mount filesystem writeable + +function run_sarg($id = -1) { + global $config, $g, $sarg_proxy; + // mount filesystem writeable conf_mount_rw(); - $cmd = SARG_DIR . "/bin/sarg"; - if ($id >= 0 && is_array($config['installedpackages']['sargschedule']['config'])){ - $args=$config['installedpackages']['sargschedule']['config'][$id]['args']; - $action=$config['installedpackages']['sargschedule']['config'][$id]['action']; - $gzip=$config['installedpackages']['sargschedule']['config'][$id]['gzip']; - $find=$config['installedpackages']['sargschedule']['config'][$id]['find']; - $gziplevel=$config['installedpackages']['sargschedule']['config'][$id]['gziplevel']; - $daylimit=$config['installedpackages']['sargschedule']['config'][$id]['daylimit']; - } - else{ - $args=$_POST['args']; - $action=$_POST['action']; - $gzip=$_POST['gzip']; - $find=$_POST['find']; - $gziplevel=$_POST['gziplevel']; - $daylimit=""; - } - $find=(preg_match("/(\d+)/",$find,$find_matches) ? $find_matches[1] : "60"); + $cmd = SARG_DIR . "/bin/sarg"; + if ($id >= 0 && is_array($config['installedpackages']['sargschedule']['config'])) { + $args = $config['installedpackages']['sargschedule']['config'][$id]['args']; + $action = $config['installedpackages']['sargschedule']['config'][$id]['action']; + $gzip = $config['installedpackages']['sargschedule']['config'][$id]['gzip']; + $find = $config['installedpackages']['sargschedule']['config'][$id]['find']; + $gziplevel = $config['installedpackages']['sargschedule']['config'][$id]['gziplevel']; + $daylimit = $config['installedpackages']['sargschedule']['config'][$id]['daylimit']; + } else { + $args = $_POST['args']; + $action = $_POST['action']; + $gzip = $_POST['gzip']; + $find = $_POST['find']; + $gziplevel = $_POST['gziplevel']; + $daylimit = ""; + } + $find = (preg_match("/(\d+)/", $find, $find_matches) ? $find_matches[1] : "60"); log_error("Sarg: force refresh now with {$args} args, compress({$gzip}) and {$action} action after sarg finish."); - $gzip_script="#!/bin/sh\n"; - if ($gzip=="on"){ - #remove old file if exists + $gzip_script = "#!/bin/sh\n"; + if ($gzip == "on") { + // remove old file if exists unlink_if_exists("/root/sarg_run_{$id}.sh"); - $gzip_script.=<<<EOF + $gzip_script .= <<<EOF for a in `/usr/bin/find /usr/local/sarg-reports -cmin -{$find} -type d -mindepth 1 -maxdepth 1` do echo \$a -/usr/bin/find \$a -name "*html" | xargs gzip {$gziplevel} +/usr/bin/find \$a -name "*html" | /usr/bin/xargs gzip {$gziplevel} done - + EOF; - } - if (preg_match("/(\d+)/",$daylimit,$day_matches)){ - $gzip_script.=<<<EOF + } + if (preg_match("/(\d+)/", $daylimit, $day_matches)) { + $gzip_script .= <<<EOF for a in `/usr/bin/find /usr/local/sarg-reports -ctime +{$find} -type d -mindepth 1 -maxdepth 1` do echo \$a -rm -rf \$a +/bin/rm -rf \$a done - + EOF; } - #create a new file to speedup find search - file_put_contents("/root/sarg_run_{$id}.sh",$gzip_script,LOCK_EX); - mwexec("export LC_ALL=C && " .$cmd. " ".$args); - #check if there is a script to run after file save - if (is_array($config['installedpackages']['sarg'])) - switch ($config['installedpackages']['sarg']['config'][0]['proxy_server']){ + // create a new file to speedup find search + file_put_contents("/root/sarg_run_{$id}.sh", $gzip_script, LOCK_EX); + mwexec("export LC_ALL=C && " . $cmd . " " . $args); + // check if there is a script to run after file save + if (is_array($config['installedpackages']['sarg'])) { + switch ($config['installedpackages']['sarg']['config'][0]['proxy_server']) { case "squidguard": - if ($action =="both" || $action=="rotate"){ - log_error('executing squidguard log rotate after sarg.'); + if ($action == "both" || $action == "rotate") { + log_error('Executing squidguard log rotate after sarg.'); log_rotate($sarg_proxy['squidguard_block_log']); - file_put_contents($sarg_proxy['squidguard_block_log'],"",LOCK_EX); - chown($sarg_proxy['squidguard_block_log'],'proxy'); - chgrp($sarg_proxy['squidguard_block_log'],'proxy'); + file_put_contents($sarg_proxy['squidguard_block_log'], "", LOCK_EX); + chown($sarg_proxy['squidguard_block_log'], 'proxy'); + chgrp($sarg_proxy['squidguard_block_log'], 'proxy'); mwexec(SQUID_DIR . '/sbin/squid -k reconfigure'); - } - #leave this case without break to run squid rotate too. + } + // leave this case without break to run squid rotate too. case "squid": - if ($action =="both" || $action=="rotate"){ - log_error('executing squid log rotate after sarg.'); + if ($action == "both" || $action == "rotate") { + log_error('Executing squid log rotate after sarg.'); mwexec(SQUID_DIR . '/sbin/squid -k rotate'); + } + if ($action == "both" || $action=="restart") { + if (file_exists($sarg_proxy['squid_rc'])) { + mwexec_bg($sarg_proxy['squid_rc'] . ' restart'); } - if ($action =="both" || $action=="restart"){ - if (file_exists($sarg_proxy['squid_rc'])) - mwexec_bg($sarg_proxy['squid_rc'].' restart'); - } + } break; case "dansguardian": - if (preg_match('/\w+/',$action) && $action !="none"){ + if (preg_match('/\w+/', $action) && $action != "none") { log_rotate($sarg_proxy['dansguardian_log']); - log_error('restarting dansguardian after sarg and log rotate.'); + log_error('Restarting dansguardian after sarg and log rotate.'); mwexec('/usr/bin/killall -HUP dansguardian'); - } + } break; } - #check compress option - if ($gzip=="on") + } + // check compress option + if ($gzip == "on") { mwexec_bg("/bin/sh /root/sarg_run_{$id}.sh"); - - #mount filesystem readonly + } + // mount filesystem readonly conf_mount_ro(); } function sync_package_sarg() { - global $config, $g,$sarg_proxy; - - # detect boot process - if (is_array($_POST)){ - if (!preg_match("/\w+/",$_POST['__csrf_magic'])) - return; - } - #check pkg.php sent a sync request - - - $update_conf=0; - #mount filesystem writeable + global $config, $g, $sarg_proxy; + + // detect boot process + if (platform_booting()) { + return; + } + + // check pkg.php sent a sync request + $update_conf = 0; + // mount filesystem writeable conf_mount_rw(); - if (!is_array($config['installedpackages']['sarg']['config'])) - $config['installedpackages']['sarg']['config'][0]=array('report_options'=>'use_graphs,remove_temp_files,main_index,use_comma,date_time_by_bytes', - 'report_type'=>'topusers,topsites,sites_users,users_sites,date_time,denied,auth_failures,site_user_time_date,downloads', - 'report_type'=>'u', - 'report_charset'=>'UTF-8', - 'topuser_num'=>'0', - 'authfail_report_limit'=>'0', - 'denied_report_limit'=>'0', - 'user_report_limit' =>'0', - 'lastlog'=> '0', - 'max_elapsed'=> '0'); - $sarg=$config['installedpackages']['sarg']['config'][0]; - if (!is_array($config['installedpackages']['sarguser']['config'])) - $config['installedpackages']['sarguser']['config'][0]=array('user_sort_field'=>'BYTES', - 'exclude_userlist'=> $sarg['exclude_userlist'], - 'include_userlist'=> $sarg['include_userlist'], - 'usertab'=>$sarg['usertab'], - 'ldap_filter_search'=> '(uid=%s)', - 'ldap_target_attr'=> 'cn', - 'ldap_port'=> '389', - 'ntlm_user_format'=>'domainname+username'); - $sarguser=$config['installedpackages']['sarguser']['config'][0]; - $access_log=$sarg['proxy_server']; - switch ($sarg['proxy_server']){ + if (!is_array($config['installedpackages']['sarg']['config'])) { + $config['installedpackages']['sarg']['config'][0]['report_options'] = 'use_graphs,remove_temp_files,main_index,use_comma,date_time_by_bytes'; + $config['installedpackages']['sarg']['config'][0]['report_type'] = 'topusers,topsites,sites_users,users_sites,date_time,denied,auth_failures,site_user_time_date,downloads'; + $config['installedpackages']['sarg']['config'][0]['report_date_format'] = 'u'; + $config['installedpackages']['sarg']['config'][0]['report_charset'] = 'UTF-8'; + $config['installedpackages']['sarg']['config'][0]['topuser_num'] = '0'; + $config['installedpackages']['sarg']['config'][0]['authfail_report_limit'] = '0'; + $config['installedpackages']['sarg']['config'][0]['denied_report_limit'] = '0'; + $config['installedpackages']['sarg']['config'][0]['user_report_limit'] = '0'; + $config['installedpackages']['sarg']['config'][0]['lastlog'] = '0'; + $config['installedpackages']['sarg']['config'][0]['max_elapsed'] = '0'; + } + $sarg = $config['installedpackages']['sarg']['config'][0]; + if (!is_array($config['installedpackages']['sarguser']['config'])) { + $config['installedpackages']['sarguser']['config'][0]['user_sort_field'] = 'BYTES'; + $config['installedpackages']['sarguser']['config'][0]['exclude_userlist'] = $sarg['exclude_userlist']; + $config['installedpackages']['sarguser']['config'][0]['include_userlist'] = $sarg['include_userlist']; + $config['installedpackages']['sarguser']['config'][0]['usertab'] = $sarg['usertab']; + $config['installedpackages']['sarguser']['config'][0]['ldap_filter_search'] = '(uid=%s)'; + $config['installedpackages']['sarguser']['config'][0]['ldap_target_attr'] = 'cn'; + $config['installedpackages']['sarguser']['config'][0]['ldap_port'] = '389'; + $config['installedpackages']['sarguser']['config'][0]['ntlm_user_format'] = 'domainname+username'; + } + $sarguser = $config['installedpackages']['sarguser']['config'][0]; + $access_log = $sarg['proxy_server']; + switch ($sarg['proxy_server']) { case 'dansguardian': - $access_log= $sarg_proxy['dansguardian_log']; - $dansguardian_conf=$sarg_proxy['dansguardian_config']; - $dansguardian_filter_out_date="dansguardian_filter_out_date on"; - $squidguard_conf='squidguard_conf none'; - break; + $access_log = $sarg_proxy['dansguardian_log']; + $dansguardian_conf = $sarg_proxy['dansguardian_config']; + $dansguardian_filter_out_date = "dansguardian_filter_out_date on"; + $squidguard_conf = 'squidguard_conf none'; + break; case 'squidguard': - $squidguard_conf='squidguard_conf '.$sarg_proxy['squidguard_config']; - $redirector_log_format='redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#'; - #Leve this case without break to include squid log file on squidguard option + $squidguard_conf = 'squidguard_conf ' . $sarg_proxy['squidguard_config']; + $redirector_log_format = 'redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#'; + // leave this case without break to include squid log file on squidguard option case 'squid': - $access_log= $sarg_proxy['squid_config']; - if (is_array($config['installedpackages']['squid']['config'])) - if (file_exists($config['installedpackages']['squid']['config'][0]['log_dir']. '/access.log')) - $access_log = $config['installedpackages']['squid']['config'][0]['log_dir']. '/access.log'; - break; - } - if (!file_exists($access_log) && $access_log !=""){ - $error="Sarg config error: ".$sarg['proxy_server']." log file ($access_log) does not exists"; + $access_log = $sarg_proxy['squid_config']; + if (is_array($config['installedpackages']['squid']['config'])) { + if (file_exists($config['installedpackages']['squid']['config'][0]['log_dir'] . '/access.log')) { + $access_log = $config['installedpackages']['squid']['config'][0]['log_dir'] . '/access.log'; + } + } + break; + } + if (!file_exists($access_log) && $access_log !="") { + $error = "Sarg config error: " . $sarg['proxy_server'] . " log file ($access_log) does not exists"; log_error($error); file_notice("Sarg", $error, "Sarg Settings", ""); } - - #general tab - $graphs=(preg_match('/use_graphs/',$sarg['report_options'])?"yes":"no"); - $anonymous_output_files=(preg_match('/anonymous_output_files/',$sarg['report_options'])?"yes":"no"); - $resolve_ip=(preg_match('/resolve_ip/',$sarg['report_options'])?"yes":"no"); - $user_ip=(preg_match('/user_ip/',$sarg['report_options'])?"yes":"no"); - $sort_order=(preg_match('/user_sort_field_order/',$sarg['report_options'])?"reverse":"normal"); - $remove_temp_files=(preg_match('/remove_temp_files/',$sarg['report_options'])?"yes":"no"); - $main_index=(preg_match('/main_index/',$sarg['report_options'])?"yes":"no"); - $index_tree=(preg_match('/index_tree/',$sarg['report_options'])?"file":"date"); - $overwrite_report=(preg_match('/overwrite_report/',$sarg['report_options'])?"yes":"no"); - $use_comma=(preg_match('/use_comma/',$sarg['report_options'])?"yes":"no"); - $long_url=(preg_match('/long_url/',$sarg['report_options'])?"yes":"no"); - $privacy=(preg_match('/privacy/',$sarg['report_options'])?"yes":"no"); - $displayed_values=(preg_match('/displayed_values/',$sarg['report_options'])?"abbreviation":"bytes"); - $bytes_in_sites_users_report=(preg_match('/bytes_in_sites_users_report/',$sarg['report_options'])?"yes":"no"); - $date_time_by=(preg_match('/date_time_by_bytes/',$sarg['report_options'])?"bytes":""); - $date_time_by.=(preg_match('/date_time_by_elap/',$sarg['report_options'])?" elap":""); - if(empty($date_time_by)) - $date_time_by="bytes"; - $date_format=(preg_match("/\w/",$sarg['report_date_format'])?$sarg['report_date_format']:"u"); - $report_type=preg_replace('/,/',' ',$sarg['report_type']); - $report_charset=(empty($sarg['report_charset'])?"UTF-8":$sarg['report_charset']); - $exclude_string=(empty($sarg['exclude_string'])?"":'exclude_string "'.$sarg['exclude_string'].'"'); - - #limits - $max_elapsed=(empty($sarg['max_elapsed'])?"0":$sarg['max_elapsed']); - $lastlog=(empty($sarg['lastlog'])?"0":$sarg['lastlog']); - $topuser_num=(empty($sarg['topuser_num'])?"0":$sarg['topuser_num']); - $authfail_report_limit=(empty($sarg['authfail_report_limit'])?"0":$sarg['authfail_report_limit']); - $denied_report_limit=(empty($sarg['denied_report_limit'])?"0":$sarg['denied_report_limit']); - $report_limit=(empty($sarg['user_report_limit'])?"0":$sarg['user_report_limit']); - $user_report_limit = "siteusers_report_limit ".$report_limit."\n"; - $user_report_limit .= "user_report_limit ".$report_limit."\n"; - if(preg_match("/(squidguard|dansguardian)/",$sarg['proxy_server'])){ - $user_report_limit .= $sarg['proxy_server']."_report_limit ".$report_limit."\n"; - } - - #user tab - $ntlm_user_format=(empty($sarguser['ntlm_user_format'])?'domainname+username':$sarguser['ntlm_user_format']); - if(!empty($sarguser['include_userlist'])) - $include_users="$include_users ".$sarguser['include_userlist']; - - if(empty($sarguser['usertab'])){ + + // general tab + $graphs = (preg_match('/use_graphs/', $sarg['report_options']) ? "yes" : "no"); + $anonymous_output_files = (preg_match('/anonymous_output_files/', $sarg['report_options']) ? "yes" : "no"); + $resolve_ip = (preg_match('/resolve_ip/', $sarg['report_options']) ? "yes" : "no"); + $user_ip = (preg_match('/user_ip/', $sarg['report_options']) ? "yes" : "no"); + $sort_order = (preg_match('/user_sort_field_order/', $sarg['report_options']) ? "reverse" : "normal"); + $remove_temp_files = (preg_match('/remove_temp_files/', $sarg['report_options']) ? "yes" : "no"); + $main_index = (preg_match('/main_index/', $sarg['report_options']) ? "yes" : "no"); + $index_tree = (preg_match('/index_tree/', $sarg['report_options']) ? "file" : "date"); + $overwrite_report = (preg_match('/overwrite_report/', $sarg['report_options']) ? "yes" : "no"); + $use_comma = (preg_match('/use_comma/', $sarg['report_options']) ? "yes" : "no"); + $long_url = (preg_match('/long_url/', $sarg['report_options']) ? "yes" : "no"); + $privacy = (preg_match('/privacy/', $sarg['report_options']) ? "yes" : "no"); + $displayed_values = (preg_match('/displayed_values/', $sarg['report_options']) ? "abbreviation" : "bytes"); + $bytes_in_sites_users_report = (preg_match('/bytes_in_sites_users_report/', $sarg['report_options']) ? "yes" : "no"); + $date_time_by = (preg_match('/date_time_by_bytes/', $sarg['report_options']) ? "bytes" : ""); + $date_time_by .= (preg_match('/date_time_by_elap/', $sarg['report_options']) ? " elap" : ""); + if (empty($date_time_by)) { + $date_time_by = "bytes"; + } + $date_format = (preg_match("/\w/", $sarg['report_date_format']) ? $sarg['report_date_format'] : "u"); + $report_type = preg_replace('/,/', ' ', $sarg['report_type']); + $report_charset = $sarg['report_charset'] ?: "UTF-8"; + $exclude_string = (empty($sarg['exclude_string']) ? "" : 'exclude_string "' . $sarg['exclude_string'] . '"'); + + // limits + $max_elapsed = $sarg['max_elapsed'] ?: "0"; + $lastlog = $sarg['lastlog'] ?: "0"; + $topuser_num = $sarg['topuser_num'] ?: "0"; + $authfail_report_limit = $sarg['authfail_report_limit'] ?: "0"; + $denied_report_limit = $sarg['denied_report_limit'] ?: "0"; + $report_limit = $sarg['user_report_limit'] ?: "0"; + $user_report_limit = "siteusers_report_limit " . $report_limit . "\n"; + $user_report_limit .= "user_report_limit " . $report_limit . "\n"; + if (preg_match("/(squidguard|dansguardian)/", $sarg['proxy_server'])) { + $user_report_limit .= $sarg['proxy_server'] . "_report_limit " . $report_limit . "\n"; + } + + // user tab + $ntlm_user_format = $sarguser['ntlm_user_format'] ?: 'domainname+username'; + if (!empty($sarguser['include_userlist'])) { + $include_users = "$include_users " . $sarguser['include_userlist']; + } + if (empty($sarguser['usertab'])) { $usertab="none"; - } - else{ - $usertab= SARG_DIR . "/etc/sarg/usertab.conf"; - file_put_contents( SARG_DIR . '/etc/sarg/usertab.conf', sarg_text_area_decode($sarguser['usertab']),LOCK_EX); - } - if($sarguser['ldap_enable']){ - $usertab="ldap"; - $LDAPHost=(empty($sarguser['ldap_host'])?"":"LDAPHost ".$sarguser['ldap_host']); - $LDAPort=(empty($sarguser['ldap_port'])?"":"LDAPPort ".$sarguser['ldap_port']); - $LDAPBindDN=(empty($sarguser['ldap_bind_dn'])?"":"LDAPBindDN ".$sarguser['ldap_bind_dn']); - $LDAPBindPW=(empty($sarguser['ldap_bind_pw'])?"":"LDAPBindPW ".$sarguser['ldap_bind_pw']); - $LDAPBaseSearch=(empty($sarguser['ldap_base_search'])?"":"LDAPBaseSearch ".$sarguser['ldap_base_search']); - $LDAPTargetAttr=(empty($sarguser['ldap_target_Attr'])?"":"LDAPTargetAttr ".$sarguser['ldap_target_Attr']); - $LDAPFilterSearch=(empty($sarguser['ldap_filter_search'])?"":"LDAPFilterSearch ".$sarguser['ldap_filter_search']); - } - - - #move old reports - if (is_dir("/usr/local/www/sarg-reports") && !is_dir("/usr/local/sarg-reports")) + } else { + $usertab = SARG_DIR . "/etc/sarg/usertab.conf"; + file_put_contents(SARG_DIR . '/etc/sarg/usertab.conf', sarg_text_area_decode($sarguser['usertab']), LOCK_EX); + } + if ($sarguser['ldap_enable']) { + $usertab = "ldap"; + $LDAPHost = (empty($sarguser['ldap_host']) ? "" : "LDAPHost " . $sarguser['ldap_host']); + $LDAPort = (empty($sarguser['ldap_port']) ? "" : "LDAPPort " . $sarguser['ldap_port']); + $LDAPBindDN = (empty($sarguser['ldap_bind_dn']) ? "" : "LDAPBindDN " . $sarguser['ldap_bind_dn']); + $LDAPBindPW = (empty($sarguser['ldap_bind_pw']) ? "" : "LDAPBindPW " . $sarguser['ldap_bind_pw']); + $LDAPBaseSearch = (empty($sarguser['ldap_base_search']) ? "" : "LDAPBaseSearch " . $sarguser['ldap_base_search']); + $LDAPTargetAttr = (empty($sarguser['ldap_target_Attr']) ? "" : "LDAPTargetAttr " . $sarguser['ldap_target_Attr']); + $LDAPFilterSearch = (empty($sarguser['ldap_filter_search']) ? "" : "LDAPFilterSearch " . $sarguser['ldap_filter_search']); + } + + // move old reports + if (is_dir("/usr/local/www/sarg-reports") && !is_dir("/usr/local/sarg-reports")) { rename("/usr/local/www/sarg-reports","/usr/local/sarg-reports"); + } + + // check dirs + $dirs = array("/usr/local/sarg-reports", "/usr/local/www/sarg-images", "/usr/local/www/sarg-images/temp"); + foreach ($dirs as $dir) { + if (!is_dir($dir)) { + mkdir($dir, 0755, true); + } + } - #check dirs - $dirs=array("/usr/local/sarg-reports","/usr/local/www/sarg-images","/usr/local/www/sarg-images/temp"); - foreach ($dirs as $dir) - if (!is_dir($dir)) - mkdir ($dir,0755,true); - - #images - $simages=array("datetime.png","graph.png","sarg-squidguard-block.png","sarg.png"); - $simgdir1="/usr/local/www/sarg-images"; - $simgdir2= SARG_DIR . "/etc/sarg/images"; - foreach ($simages as $simage){ - if (!file_exists("{$simgdir1}/{$simage}")) + // images + $simages = array("datetime.png", "graph.png", "sarg-squidguard-block.png", "sarg.png"); + $simgdir1 = "/usr/local/www/sarg-images"; + $simgdir2 = SARG_DIR . "/etc/sarg/images"; + foreach ($simages as $simage) { + if (!file_exists("{$simgdir1}/{$simage}")) { copy("{$simgdir2}/{$simage}","{$simgdir1}/{$simage}"); + } } - - //log_error($_POST['__csrf_magic']." sarg log:". $access_log); - #create sarg config files - $sarg_dir= SARG_DIR; + + // create sarg config files + $sarg_dir = SARG_DIR; include("/usr/local/pkg/sarg.template"); - file_put_contents( SARG_DIR . "/etc/sarg/sarg.conf", $sg, LOCK_EX); - file_put_contents( SARG_DIR . '/etc/sarg/exclude_hosts.conf', sarg_text_area_decode($sarg['exclude_hostlist']),LOCK_EX); - file_put_contents( SARG_DIR . '/etc/sarg/exclude_codes', sarg_text_area_decode($sarg['exclude_codelist']),LOCK_EX); - file_put_contents( SARG_DIR . '/etc/sarg/hostalias',sarg_text_area_decode($sarg['hostalias']),LOCK_EX); - file_put_contents( SARG_DIR . '/etc/sarg/exclude_users.conf', sarg_text_area_decode($sarguser['exclude_userlist']),LOCK_EX); - #check cron_tab - $new_cron=array(); - $cron_found=0; - if (is_array($config['cron']['item'])) - foreach($config['cron']['item'] as $cron){ - if (preg_match("/usr.local.www.sarg.php/",$cron["command"])) + file_put_contents(SARG_DIR . "/etc/sarg/sarg.conf", $sg, LOCK_EX); + file_put_contents(SARG_DIR . '/etc/sarg/exclude_hosts.conf', sarg_text_area_decode($sarg['exclude_hostlist']), LOCK_EX); + file_put_contents(SARG_DIR . '/etc/sarg/exclude_codes', sarg_text_area_decode($sarg['exclude_codelist']), LOCK_EX); + file_put_contents(SARG_DIR . '/etc/sarg/hostalias',sarg_text_area_decode($sarg['hostalias']), LOCK_EX); + file_put_contents(SARG_DIR . '/etc/sarg/exclude_users.conf', sarg_text_area_decode($sarguser['exclude_userlist']), LOCK_EX); + + // check cron_tab + // TODO: Redo this mess to use install_cron_job() instead + $new_cron = array(); + $cron_found = 0; + if (is_array($config['cron']['item'])) { + foreach($config['cron']['item'] as $cron) { + if (preg_match("/usr.local.www.sarg.php/", $cron["command"])) { $cron_found++; - else - $new_cron['item'][]=$cron; + } else { + $new_cron['item'][] = $cron; } + } $cron_cmd="/usr/local/bin/php --no-header /usr/local/www/sarg.php"; - $sarg_schedule_id=0; - if (is_array($config['installedpackages']['sargschedule']['config'])) - foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule){ - if(preg_match('/(\d+)m/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){ - $new_cron['item'][]=array( "minute" => "*/".$matches[1], - "hour" => "*", - "mday" => "*", - "month" => "*", - "wday" => "*", - "who" => "root", - "command"=> $cron_cmd." ".$sarg_schedule_id); - $config['cron']=$new_cron; + $sarg_schedule_id = 0; + if (is_array($config['installedpackages']['sargschedule']['config'])) { + foreach ($config['installedpackages']['sargschedule']['config'] as $sarg_schedule) { + if (preg_match('/(\d+)m/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { + $new_cron['item'][] = array("minute" => "*/" . $matches[1], + "hour" => "*", + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command" => $cron_cmd . " " . $sarg_schedule_id); + $config['cron'] = $new_cron; $cron_found++; - } - if(preg_match('/(\d+)h/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){ - $new_cron['item'][]=array( "minute" => "0", - "hour" => "*/".$matches[1], - "mday" => "*", - "month" => "*", - "wday" => "*", - "who" => "root", - "command"=> $cron_cmd." ".$sarg_schedule_id); - $config['cron']=$new_cron; + } + if (preg_match('/(\d+)h/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { + $new_cron['item'][] = array("minute" => "0", + "hour" => "*/" . $matches[1], + "mday" => "*", + "month" => "*", + "wday" => "*", + "who" => "root", + "command" => $cron_cmd . " " . $sarg_schedule_id); + $config['cron'] = $new_cron; $cron_found++; - } - if(preg_match('/(\d+)d/',$sarg_schedule['frequency'],$matches) && $sarg_schedule['enable']){ - $new_cron['item'][]=array( "minute" => "0", - "hour" => "0", - "mday" => "*/".$matches[1], - "month" => "*", - "wday" => "*", - "who" => "root", - "command"=> $cron_cmd." ".$sarg_schedule_id); + } + if (preg_match('/(\d+)d/', $sarg_schedule['frequency'], $matches) && $sarg_schedule['enable']) { + $new_cron['item'][] = array("minute" => "0", + "hour" => "0", + "mday" => "*/" . $matches[1], + "month" => "*", + "wday" => "*", + "who" => "root", + "command"=> $cron_cmd . " " . $sarg_schedule_id); $config['cron']=$new_cron; $cron_found++; - } - $sarg_schedule_id++; - } + } + $sarg_schedule_id++; + } + } - #update cron - if ($cron_found > 0){ - $config['cron']=$new_cron; - write_config(); - configure_cron(); + // update cron + if ($cron_found > 0) { + $config['cron'] = $new_cron; + write_config(); + configure_cron(); } - #Write config if any file from filesystem was loaded - if ($update_conf > 0) + } + + // write config if any file from filesystem was loaded + if ($update_conf > 0) { write_config(); - - #mount filesystem readonly + } + + // mount filesystem readonly conf_mount_ro(); - + sarg_sync_on_changes(); } function sarg_validate_input($post, &$input_errors) { - global $config,$g; + global $config, $g; foreach ($post as $key => $value) { - if (empty($value)) + if (empty($value)) { continue; - # check dansguardian - if (substr($key, 0, 12) == "proxy_server" && $value == "dansguardian"){ - if (is_array($config['installedpackages']['dansguardianlog'])){ - if ($config['installedpackages']['dansguardianlog']['config'][0]['logfileformat']!=3){ - $input_errors[]='Sarg is only compatible with dansguardian log squid mode'; - $input_errors[]='Please change it on service -> dansguarian -> report and log -> log file format'; + } + // check dansguardian + if (substr($key, 0, 12) == "proxy_server" && $value == "dansguardian") { + if (is_array($config['installedpackages']['dansguardianlog'])) { + if ($config['installedpackages']['dansguardianlog']['config'][0]['logfileformat'] != 3) { + $input_errors[] = 'Sarg is only compatible with dansguardian squid mode log'; + $input_errors[] = 'Please change it on Services -> Dansguardian -> Report and log -> Log file format'; } - } - else + } else { $input_errors[]='dansguardian package not detected'; } + } # check squidguard if (substr($key, 0, 10) == "proxy_server" && $value == "squidguard") if (!is_array($config['installedpackages']['squidguardgeneral'])) $input_errors[]='squidguard package not detected'; - # check squid - if (substr($key, 0, 5) == "proxy_server" && $value == "squid"){ - if (is_array($config['installedpackages']['squid'])) - if (!$config['installedpackages']['squid']['log_enabled']) + # check squid + if (substr($key, 0, 5) == "proxy_server" && $value == "squid") { + if (is_array($config['installedpackages']['squid'])) { + if (!$config['installedpackages']['squid']['log_enabled']) { $input_errors[]='squidlogs not enabled'; - else - $input_errors[]='squid package not installed'; } - - if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value)) - $input_errors[] = "Do not use special characters on description"; - if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value)) - $input_errors[] = "Do not use special characters on filename"; - #check cron option - if($key == "frequency" && (!preg_match("/^\d+(h|m|d)$/",$value) || $value == 0)) - $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'"; + } else { + $input_errors[]='squid package not installed'; + } + } + + if (substr($key, 0, 11) == "description" && !preg_match("@^[a-zA-Z0-9 _/.-]+$@", $value)) { + $input_errors[] = "Do not use special characters in description"; + } + if (substr($key, 0, 8) == "fullfile" && !preg_match("@^[a-zA-Z0-9_/.-]+$@", $value)) { + $input_errors[] = "Do not use special characters in filename"; + } + // check cron option + if ($key == "frequency" && (!preg_match("/^\d+(h|m|d)$/", $value) || $value == 0)) { + $input_errors[] = "A valid number with a time reference is required for the field 'Update Frequency'"; + } } } /* Uses XMLRPC to synchronize the changes to a remote node */ function sarg_sync_on_changes() { global $config, $g; - if (is_array($config['installedpackages']['sargsync']['config'])){ - $sarg_sync=$config['installedpackages']['sargsync']['config'][0]; + if (is_array($config['installedpackages']['sargsync']['config'])) { + $sarg_sync = $config['installedpackages']['sargsync']['config'][0]; $synconchanges = $sarg_sync['synconchanges']; $synctimeout = $sarg_sync['synctimeout']; - switch ($synconchanges){ + switch ($synconchanges) { case "manual": - if (is_array($sarg_sync[row])){ - $rs=$sarg_sync[row]; - } - else{ + if (is_array($sarg_sync[row])) { + $rs = $sarg_sync[row]; + } else { log_error("[sarg] xmlrpc sync is enabled but there is no hosts to push on sarg config."); return; - } + } break; case "auto": - if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])){ - $system_carp=$config['installedpackages']['carpsettings']['config'][0]; - $rs[0]['ipaddress']=$system_carp['synchronizetoip']; - $rs[0]['username']=$system_carp['username']; - $rs[0]['password']=$system_carp['password']; - if ($system_carp['synchronizetoip'] =="" || $system_carp['username']==""){ - log_error("[sarg] xmlrpc sync is enabled but there is no system backup hosts to push sarg config."); - return; - } - - } - else{ - log_error("[sarg] xmlrpc sync is enabled but there is no system backup hosts to push sarg config."); + if (is_array($config['installedpackages']['carpsettings']) && is_array($config['installedpackages']['carpsettings']['config'])) { + $system_carp = $config['installedpackages']['carpsettings']['config'][0]; + $rs[0]['ipaddress'] = $system_carp['synchronizetoip']; + $rs[0]['username'] = $system_carp['username']; + $rs[0]['password'] = $system_carp['password']; + if ($system_carp['synchronizetoip'] == "" || $system_carp['username'] == "") { + log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config."); return; } - break; + + } else { + log_error("[sarg] xmlrpc sync is enabled but there are no system backup hosts to push sarg config."); + return; + } + break; default: return; break; } - if (is_array($rs)){ + if (is_array($rs)) { log_error("[sarg] xmlrpc sync is starting."); - foreach($rs as $sh){ + foreach($rs as $sh) { $sync_to_ip = $sh['ipaddress']; $password = $sh['password']; - if($sh['username']) + if ($sh['username']) { $username = $sh['username']; - else + } else { $username = 'admin'; - if($password && $sync_to_ip) + } + if ($password && $sync_to_ip) { sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout); } - log_error("[sarg] xmlrpc sync is ending."); } - } + log_error("[sarg] xmlrpc sync is ending."); + } + } } -/* Do the actual XMLRPC sync */ +/* do the actual XMLRPC sync */ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { global $config, $g; - if(!$username) + if (!$username) { return; - - if(!$password) + } + + if (!$password) { return; + } - if(!$sync_to_ip) + if (!$sync_to_ip) { return; - - if(!$synctimeout) - $synctimeout="150"; - + } + + if (!$synctimeout) { + $synctimeout="250"; + } + $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { + + if ($config['system']['webgui']['protocol'] != "") { $synchronizetoip = $config['system']['webgui']['protocol']; $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") + } + $port = $config['system']['webgui']['port']; + /* if port is empty, let's rely on the protocol selection */ + if ($port == "") { + if ($config['system']['webgui']['protocol'] == "http") { $port = "80"; - else + } else { $port = "443"; - } + } + } $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ @@ -547,22 +564,23 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { XML_RPC_encode($xml) ); - /* set a few variables needed for sync code borrowed from filter.inc */ + /* set a few variables needed for sync code */ $url = $synchronizetoip; log_error("Beginning sarg XMLRPC sync to {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); - if($g['debug']) + if ($g['debug']) { $cli->setDebug(1); + } /* send our XMLRPC message and timeout after $synctimeout seconds */ $resp = $cli->send($msg, $synctimeout); - if(!$resp) { + if (!$resp) { $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port}."; log_error($error); file_notice("sync_settings", $error, "sarg Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); @@ -571,27 +589,27 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { } else { log_error("sarg XMLRPC sync successfully completed with {$url}:{$port}."); } - + /* tell sarg to reload our settings on the destionation sync host. */ $method = 'pfsense.exec_php'; - $execcmd = "require_once('/usr/local/pkg/sarg.inc');\n"; + $execcmd = "require_once('/usr/local/pkg/sarg.inc');\n"; $execcmd .= "sync_package_sarg();"; /* assemble xmlrpc payload */ $params = array( XML_RPC_encode($password), XML_RPC_encode($execcmd) ); - + log_error("sarg XMLRPC reload data {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials($username, $password); $resp = $cli->send($msg, $synctimeout); - if(!$resp) { + if (!$resp) { $error = "A communications error occurred while attempting sarg XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; log_error($error); file_notice("sync_settings", $error, "sarg Settings Sync", ""); - } elseif($resp->faultCode()) { + } elseif ($resp->faultCode()) { $cli->setDebug(1); $resp = $cli->send($msg, $synctimeout); $error = "An error code was received while attempting sarg XMLRPC sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); @@ -600,15 +618,6 @@ function sarg_do_xmlrpc_sync($sync_to_ip, $username, $password,$synctimeout) { } else { log_error("sarg XMLRPC reload data success with {$url}:{$port} (pfsense.exec_php)."); } - -} - -function sarg_php_install_command() { - sync_package_sarg(); -} - -function sarg_php_deinstall_command() { - // reserved } ?> diff --git a/config/sarg/sarg.php b/config/sarg/sarg.php index 98e6c426..7ac0d8aa 100644 --- a/config/sarg/sarg.php +++ b/config/sarg/sarg.php @@ -1,50 +1,45 @@ <?php -/* $Id$ */ -/* ========================================================================== */ /* - sarg.php - part of pfSense (http://www.pfSense.com) - Copyright (C) 2012 Marcello Coutinho - - All rights reserved. -*/ -/* ========================================================================== */ -/* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + sarg.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ require_once("/etc/inc/util.inc"); require_once("/etc/inc/functions.inc"); require_once("/etc/inc/pkg-utils.inc"); require_once("/etc/inc/globals.inc"); require_once("/usr/local/pkg/sarg.inc"); -$uname=posix_uname(); -if ($uname['machine']=='amd64') - ini_set('memory_limit', '250M'); +$uname = posix_uname(); +if ($uname['machine'] == 'amd64') { + ini_set('memory_limit', '250M'); +} -if (preg_match ("/(\d+)/",$argv[1],$matches)) +if (preg_match("/(\d+)/", $argv[1], $matches)) { run_sarg($matches[1]); +} - -?>
\ No newline at end of file +?> diff --git a/config/sarg/sarg.priv.inc b/config/sarg/sarg.priv.inc index 4878c96e..d01066e2 100644 --- a/config/sarg/sarg.priv.inc +++ b/config/sarg/sarg.priv.inc @@ -4,7 +4,7 @@ global $priv_list; $priv_list['page-status-sarg-reports'] = array(); $priv_list['page-status-sarg-reports']['name'] = "WebCfg - Status: Sarg reports"; -$priv_list['page-status-sarg-reports']['descr'] = "Allow access to sarg reports page."; +$priv_list['page-status-sarg-reports']['descr'] = "Allow access to Sarg reports page."; $priv_list['page-status-sarg-reports']['match'] = array(); $priv_list['page-status-sarg-reports']['match'][] = "sarg_reports.php*"; $priv_list['page-status-sarg-reports']['match'][] = "sarg_frame.php*"; diff --git a/config/sarg/sarg.template b/config/sarg/sarg.template index abda925b..af08851c 100644 --- a/config/sarg/sarg.template +++ b/config/sarg/sarg.template @@ -1,8 +1,9 @@ <?php /* - sag.template - part of the Dansguardian package for pfSense - Copyright (C) 2012 Marcello Coutinho + sarg.template + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -25,11 +26,9 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#create sarg.conf - $sg=<<<EOF +// create sarg.conf + $sg = <<<EOF # sarg.conf # # TAG: access_log file @@ -39,7 +38,7 @@ access_log {$access_log} # TAG: graphs yes|no -# Use graphics where is possible. +# Use graphics where possible. # graph_days_bytes_bar_color blue|green|yellow|orange|brown|red # graphs {$graphs} @@ -52,37 +51,37 @@ graphs {$graphs} #graph_font /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf # TAG: title -# Especify the title for html page. +# Specify the title for html page. # #title "Squid User Access Reports" # TAG: font_face -# Especify the font for html page. +# Specify the font for html page. # #font_face Tahoma,Verdana,Arial # TAG: header_color -# Especify the header color +# Specify the header color # #header_color darkblue # TAG: header_bgcolor -# Especify the header bgcolor +# Specify the header bgcolor # #header_bgcolor blanchedalmond # TAG: font_size -# Especify the text font size +# Specify the text font size # #font_size 9px # TAG: header_font_size -# Especify the header font size +# Specify the header font size # #header_font_size 9px # TAG: title_font_size -# Especify the title font size +# Specify the title font size # #title_font_size 11px @@ -135,7 +134,7 @@ graphs {$graphs} # TAG: password # User password file used by Squid authentication scheme -# If used, generate reports just for that users. +# If used, generate reports just for those users. # #password none @@ -153,7 +152,7 @@ output_dir /usr/local/sarg-reports # TAG: anonymous_output_files yes/no # Use anonymous file and directory names in the report. If it is set to -# no (the default), the user id/ip/name is slightly mangled to create a +# no (the default), the user ID/IP/name is slightly mangled to create a # suitable file name to store the report of the user but the user's # identity can easily be guessed from the mangled name. If this option is # set, any file or directory belonging to the user is replaced by a short @@ -169,12 +168,12 @@ anonymous_output_files {$anonymous_output_files} #output_email none # TAG: resolve_ip yes/no -# Convert ip address to dns name +# Convert IP address to DNS name # sarg -n resolve_ip {$resolve_ip} # TAG: user_ip yes/no -# Use Ip Address instead userid in reports. +# Use IP address instead of userid in reports. # sarg -p user_ip {$user_ip} @@ -192,22 +191,22 @@ user_sort_field {$sarguser['user_sort_field']} {$sort_order} # TAG: exclude_users file # users within the file will be excluded from reports. -# you can use indexonly to have only index.html file. +# You can use indexonly to have only index.html file. # exclude_users {$sarg_dir}/etc/sarg/exclude_users.conf # TAG: exclude_hosts file # Hosts, domains or subnets will be excluded from reports. # -# Eg.: 192.168.10.10 - exclude ip address only -# 192.168.10.0/24 - exclude full C class -# s1.acme.foo - exclude hostname only -# *.acme.foo - exclude full domain name +# Eg.: 192.168.10.10 - exclude this IP address only +# 192.168.10.0/24 - exclude entire subnet +# host1.example.com - exclude this hostname only +# *.example.com - exclude entire domain # exclude_hosts {$sarg_dir}/etc/sarg/exclude_hosts.conf # TAG: useragent_log file -# useragent.log file patch to generate useragent report. +# useragent.log file path to generate useragent report. # #useragent_log none @@ -219,12 +218,12 @@ date_format {$date_format} # TAG: per_user_limit file MB # Saves userid on file if download exceed n MB. -# This option allow you to disable user access if user exceed a download limit. +# This option allows you to disable user access if user exceeds a download limit. # #per_user_limit none # TAG: lastlog n -# How many reports files must be kept in reports directory. +# How many reports files will be kept in reports directory. # The oldest report file will be automatically removed. # 0 - no limit. # @@ -232,7 +231,7 @@ date_format {$date_format} lastlog {$lastlog} # TAG: remove_temp_files yes -# Remove temporary files: geral, usuarios, top, periodo from root report directory. +# Remove temporary files from root report directory. # remove_temp_files {$remove_temp_files} @@ -254,8 +253,8 @@ index_tree {$index_tree} #index_fields dirsize # TAG: overwrite_report yes|no -# yes - if report date already exist then will be overwrited. -# no - if report date already exist then will be renamed to filename.n, filename.n+1 +# yes - if report date already exist it will be overwrited. +# no - if report date already exist it will be renamed to filename.n, filename.n+1 # overwrite_report {$overwrite_report} @@ -263,13 +262,13 @@ overwrite_report {$overwrite_report} # What can I do with records without user id (no authentication) in access.log file ? # # ignore - This record will be ignored. -# ip - Use ip address instead. (default) +# ip - Use IP address instead. (default) # everybody - Use "everybody" instead. # #records_without_userid ip # TAG: use_comma no|yes -# Use comma instead point in reports. +# Use comma instead of dot in reports. # Eg.: use_comma yes => 23,450,110 # use_comma no => 23.450.110 # @@ -283,7 +282,7 @@ use_comma {$use_comma} # here. # # If you need too, you can use a shell script to process the content of /dev/stdin -# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever +# (/dev/stdin is the mail_content passed by Sarg to the script) and call whatever # command you like. It is not limited to mailing the report via SMTP. # # Don't forget to quote the command if necessary (i.e. if the path contains @@ -297,17 +296,17 @@ use_comma {$use_comma} #topsites_num 100 # TAG: topsites_sort_order CONNECT|BYTES|TIME A|D -# Sort for topsites report, where A=Ascendent, D=Descendent +# Sort for topsites report, where A=Ascending, D=Descending # #topsites_sort_order CONNECT D # TAG: index_sort_order A/D -# Sort for index.html, where A=Ascendent, D=Descendent +# Sort for index.html, where A=Ascending, D=Descending # #index_sort_order D # TAG: exclude_codes file -# Ignore records with these codes. Eg.: NONE/400 +# Ignore records with these Squid return codes. Eg.: NONE/400 # Write one code per line. Lines starting with a # are ignored. # Only codes matching exactly one of the line is rejected. The # comparison is not case sensitive. @@ -316,12 +315,12 @@ exclude_codes {$sarg_dir}/etc/sarg/exclude_codes # TAG: replace_index string # Replace "index.html" in the main index file with this string -# If null "index.html" is used +# If null, "index.html" is used # #replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?> # TAG: max_elapsed milliseconds -# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time. +# If elapsed time recorded in log is greater than max_elapsed, use 0 for elapsed time. # Use 0 for no checking # #max_elapsed 28800000 @@ -330,7 +329,7 @@ max_elapsed {$max_elapsed} # TAG: report_type type # What kind of reports to generate. -# topusers - users, sites, times, bytes, connects, links to accessed sites, etc +# topusers - users, sites, times, bytes, connects, links to accessed sites, etc. # topsites - site, connect and bytes report # sites_users - users and sites report # users_sites - accessed sites by the user report @@ -346,12 +345,12 @@ max_elapsed {$max_elapsed} report_type {$report_type} # TAG: usertab filename -# You can change the "userid" or the "ip address" to be a real user name on the reports. -# If resolve_ip is active, the ip address is resolved before being looked up into this -# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or -# the resolved name will be looked into the file instead of the ip address. Note that -# it can be used to resolve any ip address known to the dns and then map the unresolved -# ip addresses to a name found in the usertab file. +# You can change the "userid" or the "IP address" to be a real user name on the reports. +# If resolve_ip is active, the IP address is resolved before being looked up in this +# file. That is, if you want to map the ip address, be sure to set resolve_ip to no or +# the resolved name will be looked up in the file instead of the IP address. Note that +# it can be used to resolve any IP address known to the DNS and then map the unresolved +# IP addresses to a name found in the usertab file. # Table syntax: # userid name or ip address name # Eg: @@ -360,9 +359,9 @@ report_type {$report_type} # 192.168.10.1 Karol Wojtyla # # Each line must be terminated with '\ n' -# If usertab have value "ldap" (case ignoring), user names -# will be taken from LDAP server. This method as approaches for reception -# of usernames from Active Didectory +# If usertab is set to value "ldap" (case ignored), user names +# will be taken from LDAP server. Use this method to obtain usernames +# LDAP / Active Directory. # #usertab none usertab {$usertab} @@ -380,34 +379,35 @@ usertab {$usertab} {$LDAPPort} # TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com -# DN of LDAP user, who is authorized to read user's names from LDAP base +# DN of the LDAP user who is authorized to the search the LDAP database # default is empty line #LDAPBindDN cn=proxy,dc=mydomain,dc=local {$LDAPBindDN} # TAG: LDAPBindPW secret -# Password of DN, who is authorized to read user's names from LDAP base +# Password for LDAPBindDN specified above. # default is empty line #LDAPBindPW secret {$LDAPBindPW} # TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com -# LDAP search base +# LDAP search base DN. The search base is the place in the hierarchical LDAP structure +# where the search for user accounts starts. # default is empty line #LDAPBaseSearch ou=users,dc=mydomain,dc=local {$LDAPBaseSearch} # TAG: LDAPFilterSearch (uid=%s) -# User search filter by user's logins in LDAP +# Use this to filter the user login entries to be returned for a search operation in LDAP. # First founded record will be used # %s - will be changed to userlogins from access.log file -# filter string can have up to 5 '%s' tags +# Search filter string can have up to 5 '%s' tags. # default value is '(uid=%s)' #LDAPFilterSearch (uid=%s) {$LDAPFilterSearch} # TAG: LDAPTargetAttr attributename -# Name of the attribute containing a name of the user +# Name of the attribute containing the login name of the user. # default value is 'cn' #LDAPTargetAttr cn {$LDAPTargetAttr} @@ -431,15 +431,15 @@ date_time_by {$date_time_by} # graphic character sets for writing in alphabetic languages # You can use the following charsets: # Latin1 - West European -# Latin2 - East European -# Latin3 - South European -# Latin4 - North European +# Latin2 - Central and East European +# Latin3 - Southeast European +# Latin4 - Scandinavian/Baltic # Cyrillic # Arabic # Greek # Hebrew # Latin5 - Turkish -# Latin6 +# Latin6 - Lappish/Nordic/Eskimo # Windows-1251 # Japan # Koi8-r @@ -457,7 +457,7 @@ charset {$report_charset} # privacy_string "***.***.***.***" # privacy_string_color blue # In some countries the sysadm cannot see the visited sites by a restrictive law. -# Using privacy yes the visited url will be changes by privacy_string and the link +# Using privacy 'yes', the visited url will be changes by privacy_string and the link # will be removed from reports. # privacy {$privacy} @@ -525,7 +525,7 @@ topuser_num {$topuser_num} {$datafile_fields} # TAG: datafile_url ip|name -# Saves the URL as ip or name in datafile +# Saves the URL as IP or name in datafile # #datafile_url ip @@ -552,8 +552,8 @@ topuser_num {$topuser_num} dansguardian_conf {$dansguardian_conf} # TAG: dansguardian_filter_out_date on|off -# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action. -# Note the change of parameter value compared with the old option. +# This option replaces dansguardian_ignore_date (its name was not appropriate with respect to its action). +# Note the change of parameter value compared to the old option. # 'off' use the record even if its date is outside of the range found in the input log file. # 'on' use the record only if its date is in the range found in the input log file. # @@ -569,7 +569,7 @@ dansguardian_conf {$dansguardian_conf} {$squidguard_conf} # TAG: redirector_log file -# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option +# The location of the web proxy redirector log, such as one created by squidGuard or Rejik. The option # may be repeated up to 64 times to read multiple files. # If this option is specified, it takes precedence over squidguard_conf. # The command line option -L override this option. @@ -577,9 +577,9 @@ dansguardian_conf {$dansguardian_conf} #redirector_log /usr/local/squidGuard/var/logs/urls.log # TAG: redirector_filter_out_date on|off -# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not -# appropriate with respect to their action. -# Note the change of parameter value compared with the old options. +# This option replaces squidguard_ignore_date and redirector_ignore_date (their names were not +# appropriate with respect to their actions). +# Note the change of parameter value compared to the old options. # 'off' use the record even if its date is outside of the range found in the input log file. # 'on' use the record only if its date is in the range found in the input log file. # @@ -587,23 +587,23 @@ dansguardian_conf {$dansguardian_conf} # TAG: redirector_log_format # Format string for web proxy redirector logs. -# This option was named squidguard_log_format before sarg 2.3. +# This option was named squidguard_log_format before Sarg 2.3. # REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end# # SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# #redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# {$redirector_log_format} # TAG: show_sarg_info yes|no -# shows sarg information and site path on each report bottom +# shows Sarg information and site path on each report bottom # show_sarg_info no # TAG: show_sarg_logo yes|no -# shows sarg logo +# shows Sarg logo # show_sarg_logo no # TAG: parsed_output_log directory -# Saves the processed log in a sarg format after parsing the squid log file. +# Saves the processed log in a Sarg format after parsing the squid log file. # This is a way to dump all of the data structures out, after parsing from # the logs (presumably this data will be much smaller than the log files themselves), # and pull them back in for later processing and merging with data from previous logs. @@ -657,27 +657,27 @@ denied_report_limit {$denied_report_limit} www_document_root /usr/local/www # TAG: block_it module_url -# This tag allow you to pass urls from user reports to a cgi or php module, -# to be blocked by some Squid acl +# This tag allows you to pass urls from user reports to a cgi or php module, +# to be blocked by some Squid acl. # # Eg.: block_it /sarg-php/sarg-block-it.php # sarg-block-it is a php that will append a url to a flat file. # You must change /var/www/html/sarg-php/sarg-block-it to point to your file -# in $filename variable, and chown to a httpd owner. +# in $filename variable, and chown to the httpd owner. # -# sarg will pass http://module_url?url=url +# Sarg will pass http://module_url?url=url # #block_it none # TAG: external_css_file path -# Provide the path to an external css file to link into the HTML reports instead of -# the inline css written by sarg when this option is not set. +# Provide the path to an external CSS file to link into the HTML reports instead of +# the inline CSS written by sarg when this option is not set. # # In versions prior to 2.3, this used to be an absolute file name to # a file to include verbatim in each HTML page but, as it takes a lot of -# space, version 2.3 switched to a link to an external css file. +# space, version 2.3 switched to a link to an external CSS file. # Therefore, this option must contain the HTTP server path on which a client -# browser may find the css file. +# browser may find the CSS file. # # Sarg use theses style classes: # .logo logo class @@ -692,7 +692,7 @@ www_document_root /usr/local/www # .data3 table text class, align:center # .link link class # -# Sarg can be instructed to output the internal css it inline +# Sarg can be instructed to output the internal CSS it inline # into the reports with this command: # # sarg --css @@ -721,8 +721,8 @@ www_document_root /usr/local/www # TAG: ulimit n # The maximum number of open file descriptors to avoid "Too many open files" error message. -# You need to run sarg as root to use ulimit tag. -# If you run sarg with a low privilege user, set to 'none' to disable ulimit +# You need to run Sarg as root to use ulimit tag. +# If you run Sarg with a low privilege user, set to 'none' to disable ulimit # #ulimit 20000 @@ -733,7 +733,7 @@ www_document_root /usr/local/www ntlm_user_format {$ntlm_user_format} # TAG: realtime_refresh_time num sec -# How many time to auto refresh the realtime report +# How many seconds between auto refresh of the realtime report. # 0 = disable # realtime_refresh_time 0 @@ -775,24 +775,24 @@ realtime_unauthenticated_records show # is at the root of your web site. # # If the path starts with "../" then it is assumed to be a relative -# path and sarg adds as many "../" as necessary to locate the js script from +# path and Sarg adds as many "../" as necessary to locate the js script from # the output directory. Therefore, ../../sorttable.js links to the javascript # one level above output_dir. # # If this entry is set, each sortable table will have the "sortable" class set. # You may have a look at http://www.kryogenix.org/code/browser/sorttable/ -# for the implementation on which sarg is based. +# for the implementation on which Sarg is based. # sorttable /sarg_sorttable.js # TAG: hostalias -# The name of a text file containing the host names one per line and the +# The name of a text file containing the host names (one per line) and the # optional alias to use in the report instead of that host name. # Host names may contain up to one wildcard denoted by a *. The wildcard -# must not end the host name. -# The host name may be followed by an optional alias but if no alias is -# provided, the host name, including the wildcard, replaces any matching -# host name found in the log. +# must not be at the end of the host name. +# The host name may be followed by an optional alias; if no alias is provided, +# the host name, including the wildcard, replaces any matching host name found +# in the log. # Host names replaced by identical aliases are grouped together in the # reports. # IP addresses are supported and accept the CIDR notation both for IPv4 and diff --git a/config/sarg/sarg.xml b/config/sarg/sarg.xml index 9266d211..00da6470 100644 --- a/config/sarg/sarg.xml +++ b/config/sarg/sarg.xml @@ -1,116 +1,103 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - sarg.xml - part of the sarg for pfSense - Copyright (C) 2012-2013 Marcello Coutinho - - All rights reserved. - */ -/* ========================================================================== */ + sarg.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012-2013 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + - 1. Redistributions of source code MUST retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>sarg</name> - <version>1.0</version> + <version>0.6.5</version> <title>Status: Sarg Settings</title> <include_file>/usr/local/pkg/sarg.inc</include_file> <menu> <name>Sarg Reports</name> - <tooltiptext>Configure sarg</tooltiptext> + <tooltiptext>Configure Sarg</tooltiptext> <section>Status</section> <url>/pkg_edit.php?xml=sarg.xml</url> </menu> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_schedule.xml</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_users.xml</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_realtime.php</item> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_about.php</item> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg.php</item> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_reports.php</item> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_frame.php</item> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg_sorttable.js</item> <prefix>/usr/local/www/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg.template</item> <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> </additional_files_needed> <additional_files_needed> <item>https://packages.pfsense.org/packages/config/sarg/sarg.priv.inc</item> <prefix>/etc/inc/priv/</prefix> - <chmod>0755</chmod> </additional_files_needed> <tabs> <tab> @@ -142,120 +129,133 @@ <text>Help</text> <url>/sarg_about.php</url> </tab> -</tabs> + </tabs> <fields> <field> <name>Report Settings</name> <type>listtopic</type> </field> <field> - <fielddescr>Proxy server</fielddescr> + <fielddescr>Proxy Server</fielddescr> <fieldname>proxy_server</fieldname> - <description><![CDATA[Select proxy server to read logs from]]></description> - <type>select</type> - <options> + <description>Select proxy server type to read logs from.</description> + <type>select</type> + <options> <option><name>Dansguardian</name><value>dansguardian</value></option> <option><name>Squidguard</name><value>squidguard</value></option> <option><name>Squid</name><value>squid</value></option> - </options> + </options> </field> <field> <fielddescr>Report Options</fielddescr> <fieldname>report_options</fieldname> - <description><![CDATA[Sarg report options. Default values are in ( )<br> - If you select any option, it will be enabled on conf file.<br> - Use CTRL + click on this field]]></description> - <type>select</type> - <options> - <option><name>Use graphics where is possible. (yes)</name><value>use_graphs</value></option> + <description> + <![CDATA[ + Select Sarg report options. Default values are in ( )<br /> + Use CTRL + click to (de)select multiple values. + ]]> + </description> + <type>select</type> + <options> + <option><name>Use graphs where is possible. (yes)</name><value>use_graphs</value></option> <option><name>Use anonymous file and directory names in the report. (no)</name><value>anonymous_output_files </value></option> - <option><name>Convert ip address to dns name (no)</name><value>resolve_ip</value></option> - <option><name>Use Ip Address instead userid in reports. (no)</name><value>user_ip</value></option> - <option><name>Sort Fields in Reverse order (no)</name><value>user_sort_field_order</value></option> - <option><name>Remove temporary files from root report directory (yes)</name><value>remove_temp_files</value></option> + <option><name>Convert IP address to DNS name (no)</name><value>resolve_ip</value></option> + <option><name>Use IP Address instead userid in reports. (no)</name><value>user_ip</value></option> + <option><name>Sort Fields in reverse order (no)</name><value>user_sort_field_order</value></option> + <option><name>Remove temporary files from root report directory (yes)</name><value>remove_temp_files</value></option> <option><name>Generate the main index.html (yes)</name><value>main_index</value></option> <option><name>Generate the index tree by file (yes)</name><value>index_tree</value></option> <option><name>Overwrite report (no)</name><value>overwrite_report</value></option> - <option><name>Use comma instead point in reports (yes)</name><value>use_comma</value></option> - <option><name>Show full url in report (no)</name><value>long_url</value></option> + <option><name>Use comma instead of dot in reports (yes)</name><value>use_comma</value></option> + <option><name>Show full URL in report (no)</name><value>long_url</value></option> <option><name>Privacy (no)</name><value>privacy</value></option> - <option><name>Show Bytes in sites users reports(no)</name><value>bytes_in_sites_users_report</value></option> - <option><name>Show values in reports using abbreviation (no)</name><value>displayed_values</value></option> + <option><name>Show bytes in sites users reports (no)</name><value>bytes_in_sites_users_report</value></option> + <option><name>Show abbreviated values in reports (no)</name><value>displayed_values</value></option> <option><name>Show the downloaded volume on Date/Time reports (yes)</name><value>date_time_by_bytes</value></option> - <option><name>Show the downloaded elapsed time on Date/Time reports (no)</name><value>date_time_by_elap</value></option> - </options> - <multiple/> - <size>17</size> + <option><name>Show the elapsed time on Date/Time reports (no)</name><value>date_time_by_elap</value></option> + </options> + <multiple/> + <size>16</size> </field> <field> - <fielddescr>Report to generate</fielddescr> + <fielddescr>Report To Generate</fielddescr> <fieldname>report_type</fieldname> - <description><![CDATA[Sarg report type. All are enabled by default<br> - Use CTRL + click on this field]]></description> - <type>select</type> - <options> - <option><name>topusers - users, sites, times, bytes, connects, links to accessed sites, etc</name><value>topusers</value></option> - <option><name>topsites - site, connect and bytes report</name><value>topsites</value></option> - <option><name>sites_users - users and sites report</name><value>sites_users</value></option> - <option><name>users_sites - accessed sites by the user report</name><value>users_sites</value></option> - <option><name>date_time - bytes used per day and hour report</name><value>date_time</value></option> - <option><name>denied - denied sites with full URL report</name><value>denied</value></option> - <option><name>auth_failures - autentication failures report</name><value>auth_failures</value></option> + <description> + <![CDATA[ + Sarg report type. All types are enabled by default.<br /> + Use CTRL + click to (de)select multiple values. + ]]> + </description> + <type>select</type> + <options> + <option><name>topusers - users, sites, times, bytes, connects, links to accessed sites, etc.</name><value>topusers</value></option> + <option><name>topsites - site, connect and bytes report</name><value>topsites</value></option> + <option><name>sites_users - users and sites report</name><value>sites_users</value></option> + <option><name>users_sites - sites accessed by the user report</name><value>users_sites</value></option> + <option><name>date_time - bytes used per day and hour report</name><value>date_time</value></option> + <option><name>denied - denied sites with full URL report</name><value>denied</value></option> + <option><name>auth_failures - autentication failures report</name><value>auth_failures</value></option> <option><name>site_user_time_date - sites, dates, times and bytes report</name><value>site_user_time_date</value></option> - <option><name>downloads - downloads per user report</name><value>downloads</value></option> - </options> - <multiple/> - <size>10</size> + <option><name>downloads - downloads per user report</name><value>downloads</value></option> + </options> + <multiple/> + <size>9</size> </field> <field> <fielddescr>Date Format</fielddescr> <fieldname>report_date_format</fieldname> - <description><![CDATA[Date format to use in reports.]]></description> + <description>Date format to use in reports.</description> <type>select</type> <options> - <option><name>American mm/dd/yy (default)</name><value>u</value></option> - <option><name>European dd/mm/yy</name><value>e</value></option> - <option><name>Weekly yy.ww</name><value>w</value></option> + <option><name>American mm/dd/yy (default)</name><value>u</value></option> + <option><name>European dd/mm/yy</name><value>e</value></option> + <option><name>Weekly yy.ww</name><value>w</value></option> </options> + <default_value>u</default_value> </field> <field> - <fielddescr>Report charset</fielddescr> + <fielddescr>Report Charset</fielddescr> <fieldname>report_charset</fieldname> - <description><![CDATA[ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) graphic character sets for writing in alphabetic languages]]></description> + <description>Select character set for the reports.</description> <type>select</type> <options> - <option><name>UTF-8 (Default)</name><value>UTF-8</value></option> - <option><name>Latin1 - West European</name><value>Latin1</value></option> - <option><name>Latin2 - East European</name><value>Latin2</value></option> - <option><name>Latin3 - South European</name><value>Latin3</value></option> - <option><name>Latin4 - North European</name><value>Latin4</value></option> - <option><name>Latin5 - Turkish</name><value>Latin5</value></option> - <option><name>Latin6</name><value>Latin6</value></option> - <option><name>Cyrillic</name><value>Cyrillic</value></option> - <option><name>Arabic</name><value>Arabic</value></option> - <option><name>Greek</name><value>Greek</value></option> - <option><name>Hebrew</name><value>Hebrew</value></option> - <option><name>Windows-1251</name><value>Windows-1251</value></option> - <option><name>Japan</name><value>Japan</value></option> - <option><name>Koi8-r</name><value>Koi8-r</value></option> + <option><name>UTF-8 (default)</name><value>UTF-8</value></option> + <option><name>Latin1 - West European</name><value>Latin1</value></option> + <option><name>Latin2 - Central and East European</name><value>Latin2</value></option> + <option><name>Latin3 - Southeast European</name><value>Latin3</value></option> + <option><name>Latin4 - Scandinavian/Baltic</name><value>Latin4</value></option> + <option><name>Latin5 - Turkish</name><value>Latin5</value></option> + <option><name>Latin6 - Lappish/Nordic/Eskimo</name><value>Latin6</value></option> + <option><name>Cyrillic</name><value>Cyrillic</value></option> + <option><name>Arabic</name><value>Arabic</value></option> + <option><name>Greek</name><value>Greek</value></option> + <option><name>Hebrew</name><value>Hebrew</value></option> + <option><name>Windows-1251</name><value>Windows-1251</value></option> + <option><name>Japan</name><value>Japan</value></option> + <option><name>KOI8-R</name><value>Koi8-r</value></option> </options> + <default_value>UTF-8</default_value> </field> <field> <fielddescr>Host Aliases</fielddescr> <fieldname>hostalias</fieldname> - <description><![CDATA[The name of a text file containing the host names one per line and the optional alias to use in the report instead of that host name.<br> - Host names may contain up to one wildcard denoted by a *. The wildcard must not end the host name.<br> - The host name may be followed by an optional alias but if no alias is provided, the host name, including the wildcard, replaces any matching host name found in the log.<br> - Host names replaced by identical aliases are grouped together in the reports.<br> - IP addresses are supported and accept the CIDR notation both for IPv4 and IPv6 addresses.<br> - Sample:<br> - *.gstatic.com<br> - mt*.google.com<br> - *.myphone.microsoft.com<br> - *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure<br> - *.freeav.net antivirus:freeav<br> - *.mail.live.com<br> - 65.52.00.00/14 *.mail.live.com]]></description> + <description> + <![CDATA[ + Host names (one per line) and the optional alias to use in the report instead of that host name.<br /> + Host names may contain up to one wildcard denoted by a *. The wildcard must not be at the end of the host name.<br /> + The host name may be followed by an optional alias; if no alias is provided, the host name, including the wildcard, replaces any matching host name found in the log.<br /> + Host names replaced by identical aliases are grouped together in the reports.<br /> + IP addresses are supported and accept the CIDR notation both for IPv4 and IPv6 addresses.<br /><br /> + <strong>Examples:</strong><br /> + *.gstatic.com<br /> + mt*.google.com<br /> + *.myphone.microsoft.com<br /> + *.myphone.microsoft.com:443 *.myphone.microsoft.com:secure<br /> + *.freeav.net antivirus:freeav<br /> + *.mail.live.com<br /> + 65.52.00.00/14 *.mail.live.com + ]]> + </description> <type>textarea</type> <cols>70</cols> <rows>10</rows> @@ -268,77 +268,107 @@ <field> <fielddescr>Max Elapsed</fielddescr> <fieldname>max_elapsed</fieldname> - <description><![CDATA[If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.<br> - Samples: 0 means no checking<br> - 28800000 means 08 hours ]]></description> - <type>input</type> - <size>10</size> + <description> + <![CDATA[ + If elapsed time recorded in log is greater than specified limit in milliseconds, use 0 for elapsed time.<br /> + <strong>Examples:</strong> 0 means no checking; 28800000 means 8 hours. + ]]> + </description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> </field> <field> - <fielddescr>Reports list limits</fielddescr> + <fielddescr>Files Limits</fielddescr> <fieldname>lastlog</fieldname> - <description><![CDATA[How many reports files must be kept in reports directory.<br> - The oldest report file will be automatically removed.0 means no limit.]]></description> - <type>input</type> - <size>10</size> + <description> + <![CDATA[ + How many reports files will be be kept in reports directory. The oldest report file will be automatically removed.<br /> + Default: 0 - means no limit. + ]]> + </description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> </field> <field> - <fielddescr>Reports days limits</fielddescr> + <fielddescr>Days Limits</fielddescr> <fieldname>daylimit</fieldname> - <description><![CDATA[How many days reports files must be kept in reports directory.<br> - Older report file will be automatically removed.<br> - Leave empty to do not remove old reports.]]></description> - <type>input</type> - <size>10</size> + <description> + <![CDATA[ + Report files will be kept in reports directory for this many days. Report files older than limit will be automatically removed.<br /> + Leave empty to not remove old reports. + ]]> + </description> + <type>input</type> + <size>10</size> </field> <field> <fielddescr>Top Users Limit</fielddescr> <fieldname>topuser_num</fieldname> - <description><![CDATA[How many users in topsites report. 0 = no limit]]></description> - <type>input</type> - <size>10</size> + <description> + <![CDATA[ + How many users appear in topsites report. + Default: 0 - means no limit. + ]]> + </description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> </field> <field> <fielddescr>Denied Limit</fielddescr> <fieldname>denied_report_limit</fieldname> - <description><![CDATA[0 means no limit.]]></description> - <type>input</type> - <size>10</size> + <description><![CDATA[Default: 0 - means no limit.]]></description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> </field> <field> <fielddescr>AuthFail Limit</fielddescr> <fieldname>authfail_report_limit</fieldname> - <description><![CDATA[0 means no limit.]]></description> - <type>input</type> - <size>10</size> + <description><![CDATA[Default: 0 - means no limit.]]></description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> </field> <field> - <fielddescr>User_report_limit</fielddescr> + <fielddescr>User Report Limit</fielddescr> <fieldname>user_report_limit</fieldname> - <description><![CDATA[0 means no limit.]]></description> - <type>input</type> - <size>10</size> + <description><![CDATA[Default: 0 - means no limit.]]></description> + <type>input</type> + <size>10</size> + <default_value>0</default_value> </field> <field> <name>Exclude Settings</name> <type>listtopic</type> </field> - <field> + <field> <fielddescr>Exclude string</fielddescr> <fieldname>exclude_string</fieldname> - <description><![CDATA[Records from access.log file that contain one of listed strings will be ignored.<br> - <strong>Format: string1:string2:...:stringn</strong>]]></description> + <description> + <![CDATA[ + Records from access.log file that contain one of listed strings will be ignored.<br /> + <strong>Format: string1:string2:...:stringn</strong> + ]]> + </description> <type>input</type> <size>70</size> </field> <field> - <fielddescr>Exclude hosts</fielddescr> + <fielddescr>Exclude Hosts</fielddescr> <fieldname>exclude_hostlist</fieldname> - <description><![CDATA[Hosts, domains or subnets will be excluded from reports.<br> - Eg.: 192.168.10.10 - exclude ip address only<br> - 192.168.10.0/24 - exclude full C class<br> - s1.acme.foo - exclude hostname only<br> - *.acme.foo - exclude full domain name]]></description> + <description> + <![CDATA[ + Hosts, domains or subnets that will be excluded from reports.<br /><br /> + <strong>Examples:</strong><br /> + 192.168.10.10 - exclude this IP address only.<br /> + 192.168.10.0/24 - exclude entire subnet.<br /> + host1.example.com - exclude this hostname only.<br /> + *.example.com - exclude entire domain. + ]]> + </description> <type>textarea</type> <cols>70</cols> <rows>10</rows> @@ -347,24 +377,23 @@ <field> <fielddescr>Exclude codes</fielddescr> <fieldname>exclude_codelist</fieldname> - <description><![CDATA[Ignore records with these codes. Eg.: NONE/400<br> - Write one code per line. Lines starting with a # are ignored.<br> - Only codes matching exactly one of the line is rejected. The comparison is not case sensitive.]]></description> + <description> + <![CDATA[ + Ignore records with these <a href="http://wiki.squid-cache.org/SquidFaq/SquidLogs#Squid_result_codes">Squid result codes</a>.<br /> + Only codes matching exactly one of the line is rejected. The comparison is not case sensitive.<br /> + <strong>Write one code per line. Lines starting with a # are ignored.</strong><br /> + <strong>Example:</strong> NONE/400 + ]]> + </description> <type>textarea</type> <cols>70</cols> <rows>10</rows> <encoding>base64</encoding> </field> </fields> - <custom_php_install_command> - sarg_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - sarg_php_deinstall_command(); - </custom_php_deinstall_command> <custom_php_validation_command> sarg_validate_input($_POST, $input_errors); - </custom_php_validation_command> + </custom_php_validation_command> <custom_php_resync_config_command> sync_package_sarg(); </custom_php_resync_config_command> diff --git a/config/sarg/sarg_about.php b/config/sarg/sarg_about.php index fba456b2..11289bfe 100755 --- a/config/sarg/sarg_about.php +++ b/config/sarg/sarg_about.php @@ -1,8 +1,9 @@ <?php /* sarg_about.php - part of pfSense (https://www.pfsense.org/) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -26,77 +27,64 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require("guiconfig.inc"); -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version < 2.0) - $one_two = true; - $pgtitle = "About: Sarg Package"; include("head.inc"); ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> -<?php include("fbegin.inc"); ?> -<?php if($one_two): ?> -<p class="pgtitle"><?=$pgtitle?></font></p> -<?php endif; ?> +<?php include("fbegin.inc"); ?> <?php if ($input_errors) print_input_errors($input_errors); ?> <?php if ($savemsg) print_info_box($savemsg); ?> - <div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> <?php - $tab_array = array(); - $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0"); - $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0"); - $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml"); - $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php"); - $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php"); - $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0"); - $tab_array[] = array(gettext("Help"), true, "/sarg_about.php"); - display_top_tabs($tab_array); -?> - </td></tr> - <tr> - - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> - <tr><td></td></tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Help docs"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Sarg Site");?></td> - <td width="78%" class="vtable"><?=gettext("<a target=_new href='http://sarg.sourceforge.net/'>Squid Analysis Report Generator</a><br><br>");?> - </tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("About sarg package"); ?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> - <td width="78%" class="vtable"><?=gettext("Package Created by <a target=_new href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br><br>");?></td> - </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td> - <td width="78%" class="vtable"><?=gettext("If you like this package, please <a target=_new href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br><br> - If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br><br>");?></td> - </tr> - </table> - - </div> - </td> - </tr> - - - </table> - <br> - <div id="search_results"></div> + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0"); + $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0"); + $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml"); + $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php"); + $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0"); + $tab_array[] = array(gettext("Help"), true, "/sarg_about.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr><td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> + <tr><td></td></tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("Help Docs"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Sarg Site");?></td> + <td width="78%" class="vtable"><?=gettext("<a href='http://sarg.sourceforge.net/'>Squid Analysis Report Generator</a><br /><br />");?></td> + </tr> + <tr> + <td colspan="2" valign="top" class="listtopic"><?=gettext("About Sarg package"); ?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Credits ");?></td> + <td width="78%" class="vtable"><?=gettext("Package created by <a href='https://forum.pfsense.org/index.php?action=profile;u=4710'>Marcello Coutinho</a><br /><br />");?></td> + </tr> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Donations ");?></td> + <td width="78%" class="vtable"> + <?=gettext("If you like this package, please <a href='https://www.pfsense.org/index.php?option=com_content&task=view&id=47&Itemid=77'>donate to pfSense project</a>.<br /><br /> + If you want that your donation goes to this package developer, make a note on donation forwarding it to me.<br /><br />");?> + </td> + </tr> + </table> + </div> + </td></tr> +</table> +<br /> +<div id="search_results"></div> </div> <?php include("fend.inc"); ?> </body> diff --git a/config/sarg/sarg_frame.php b/config/sarg/sarg_frame.php index 6f3c941e..e6b27da6 100755 --- a/config/sarg/sarg_frame.php +++ b/config/sarg/sarg_frame.php @@ -1,9 +1,9 @@ <?php /* sarg_frame.php - part of pfSense (https://www.pfsense.org/) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> - based on varnish_view_config. + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -29,55 +29,55 @@ */ require_once("authgui.inc"); -$uname=posix_uname(); -if ($uname['machine']=='amd64') - ini_set('memory_limit', '250M'); - -if(preg_match("/(\S+)\W(\w+.html)/",$_REQUEST['file'],$matches)){ - #https://192.168.1.1/sarg_reports.php?file=2012Mar30-2012Mar30/index.html - $url=$matches[2]; - $prefix=$matches[1]; - } -else{ - $url="index.html"; - $prefix=""; - } -$url=($_REQUEST['file'] == ""?"index.html":$_REQUEST['file']); -$dir="/usr/local/sarg-reports"; -$rand=rand(100000000000,999999999999); -$report=""; -if (file_exists("{$dir}/{$url}")) - $report=file_get_contents("{$dir}/{$url}"); -else if (file_exists("{$dir}/{$url}.gz")) { - $data = gzfile("{$dir}/{$url}.gz"); - $report = implode($data); - unset ($data); - } -if ($report != "" ) - { - $pattern[0]="/href=\W(\S+html)\W/"; - $replace[0]="href=/sarg_frame.php?prevent=".$rand."&file=$prefix/$1"; - $pattern[1]='/img src="\S+\W([a-zA-Z0-9.-]+.png)/'; - $replace[1]='img src="/sarg-images/$1'; - $pattern[2]='@img src="([.a-z/]+)/(\w+\.\w+)@'; - $replace[2]='img src="/sarg-images'.$prefix.'/$1/$2'; - $pattern[3]='/img src="([a-zA-Z0-9.-_]+).png/'; - $replace[3]='img src="/sarg-images/temp/$1.'.$rand.'.png'; - $pattern[4]='/<head>/'; - $replace[4]='<head><META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"><META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">'; +$uname = posix_uname(); +if ($uname['machine'] == 'amd64') { + ini_set('memory_limit', '250M'); +} + +if (preg_match("/(\S+)\W(\w+.html)/", $_REQUEST['file'], $matches)) { + // URL format + // https://192.168.1.1/sarg_reports.php?file=2012Mar30-2012Mar30/index.html + $url = $matches[2]; + $prefix = $matches[1]; +} else { + $url = "index.html"; + $prefix = ""; +} - #look for graph files inside reports. - if (preg_match_all('/img src="([a-zA-Z0-9._-]+).png/',$report,$images)){ +$url = ($_REQUEST['file'] == "" ? "index.html" : $_REQUEST['file']); +$dir = "/usr/local/sarg-reports"; +$rand = rand(100000000000, 999999999999); +$report = ""; +if (file_exists("{$dir}/{$url}")) { + $report = file_get_contents("{$dir}/{$url}"); +} elseif (file_exists("{$dir}/{$url}.gz")) { + $data = gzfile("{$dir}/{$url}.gz"); + $report = implode($data); + unset ($data); +} +if ($report != "" ) { + $pattern[0] = "/href=\W(\S+html)\W/"; + $replace[0] = "href=/sarg_frame.php?prevent=" . $rand . "&file=$prefix/$1"; + $pattern[1] = '/img src="\S+\W([a-zA-Z0-9.-]+.png)/'; + $replace[1] = 'img src="/sarg-images/$1'; + $pattern[2] = '@img src="([.a-z/]+)/(\w+\.\w+)@'; + $replace[2] = 'img src="/sarg-images' . $prefix . '/$1/$2'; + $pattern[3] = '/img src="([a-zA-Z0-9.-_]+).png/'; + $replace[3] = 'img src="/sarg-images/temp/$1.' . $rand . '.png'; + $pattern[4] = '/<head>/'; + $replace[4] = '<head><META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"><META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">'; + + // look for graph files inside reports. + if (preg_match_all('/img src="([a-zA-Z0-9._-]+).png/', $report, $images)) { conf_mount_rw(); - for ($x=0;$x<count($images[1]);$x++){ - copy("{$dir}/{$prefix}/{$images[1][$x]}.png","/usr/local/www/sarg-images/temp/{$images[1][$x]}.{$rand}.png"); - } - conf_mount_ro(); + for ($x = 0; $x < count($images[1]); $x++) { + copy("{$dir}/{$prefix}/{$images[1][$x]}.png", "/usr/local/www/sarg-images/temp/{$images[1][$x]}.{$rand}.png"); } - print preg_replace($pattern,$replace,$report); + conf_mount_ro(); } -else{ - print "<pre>Error: Could not find report index file.<br>Check and save sarg settings and try to force sarg schedule."; - } + print preg_replace($pattern, $replace, $report); +} else { + print "Error: Could not find report index file.<br />Check and save Sarg settings and try to force Sarg schedule."; +} -?>
\ No newline at end of file +?> diff --git a/config/sarg/sarg_realtime.php b/config/sarg/sarg_realtime.php index f7618d1a..68104b61 100755 --- a/config/sarg/sarg_realtime.php +++ b/config/sarg/sarg_realtime.php @@ -1,8 +1,9 @@ <?php /* sarg_realtime.php - part of pfSense (https://www.pfsense.org/) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -26,229 +27,227 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); -if ($pf_version == "2.1" || $pf_version == "2.2") - define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m")); -else - define('SARG_DIR', '/usr/local'); - -$uname=posix_uname(); -if ($uname['machine']=='amd64') - ini_set('memory_limit', '250M'); - +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); +if ($pf_version == "2.1" || $pf_version == "2.2") { + define('SARG_DIR', '/usr/pbi/sarg-' . php_uname("m")); +} else { + define('SARG_DIR', '/usr/local'); +} + +$uname = posix_uname(); +if ($uname['machine'] == 'amd64') { + ini_set('memory_limit', '250M'); +} function get_cmd(){ - global $config,$g; - #print $_REQUEST['type']; - if ($_REQUEST['cmd'] =='sarg'){ - $update_config=0; - #Check report xml info - if (!is_array($config['installedpackages']['sargrealtime'])){ - $config['installedpackages']['sargrealtime']['config'][0]['realtime_types']= ""; - $config['installedpackages']['sargrealtime']['config'][0]['realtime_users']= ""; + global $config, $g; + // print $_REQUEST['type']; + if ($_REQUEST['cmd'] == 'sarg') { + $update_config = 0; + // Check report xml info + if (!is_array($config['installedpackages']['sargrealtime'])) { + $config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] = ""; + $config['installedpackages']['sargrealtime']['config'][0]['realtime_users'] = ""; } - #Check report http actions to show - if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] != $_REQUEST['qshape']){ - $config['installedpackages']['sargrealtime']['config'][0]['realtime_types']= $_REQUEST['qshape']; + // Check report http actions to show + if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] != $_REQUEST['qshape']) { + $config['installedpackages']['sargrealtime']['config'][0]['realtime_types'] = $_REQUEST['qshape']; $update_config++; - } - - #Check report users show - if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_users'] != $_REQUEST['type']){ + } + // Check report users show + if ($config['installedpackages']['sargrealtime']['config'][0]['realtime_users'] != $_REQUEST['type']) { $config['installedpackages']['sargrealtime']['config'][0]['realtime_users']= $_REQUEST['type']; $update_config++; - } - - if($update_config > 0){ + } + if ($update_config > 0) { write_config(); - #write changes to sarg_file - $sarg_config=file_get_contents(SARG_DIR . '/etc/sarg/sarg.conf'); - $pattern[0]='/realtime_types\s+[A-Z,,]+/'; - $replace[0]="realtime_types ".$_REQUEST['qshape']; - $pattern[1]='/realtime_unauthenticated_records\s+\w+/'; - $replace[1]="realtime_unauthenticated_records ".$_REQUEST['type']; - file_put_contents(SARG_DIR . '/etc/sarg/sarg.conf', preg_replace($pattern,$replace,$sarg_config),LOCK_EX); - } - exec(SARG_DIR ."/bin/sarg -r",$sarg); - $pattern[0]="/<?(html|head|style)>/"; - $replace[0]=""; - $pattern[1]="/header_\w/"; - $replace[1]="listtopic"; - $pattern[2]="/class=.data./"; - $replace[2]='class="listlr"'; - $pattern[3]="/cellpadding=.\d./"; - $replace[3]='cellpadding="0"'; - $pattern[4]="/cellspacing=.\d./"; - $replace[4]='cellspacing="0"'; - $pattern[5]="/sarg/"; - $replace[5]='cellspacing="0"'; - foreach ($sarg as $line){ - if (preg_match("/<.head>/",$line)) + // write changes to sarg_file + $sarg_config = file_get_contents(SARG_DIR . '/etc/sarg/sarg.conf'); + $pattern[0] = '/realtime_types\s+[A-Z,,]+/'; + $replace[0] = "realtime_types " . $_REQUEST['qshape']; + $pattern[1] = '/realtime_unauthenticated_records\s+\w+/'; + $replace[1] = "realtime_unauthenticated_records " . $_REQUEST['type']; + file_put_contents(SARG_DIR . '/etc/sarg/sarg.conf', preg_replace($pattern, $replace, $sarg_config), LOCK_EX); + } + exec(SARG_DIR . "/bin/sarg -r", $sarg); + $pattern[0] = "/<?(html|head|style)>/"; + $replace[0] = ""; + $pattern[1] = "/header_\w/"; + $replace[1] = "listtopic"; + $pattern[2] = "/class=.data./"; + $replace[2] = 'class="listlr"'; + $pattern[3] = "/cellpadding=.\d./"; + $replace[3] = 'cellpadding="0"'; + $pattern[4] = "/cellspacing=.\d./"; + $replace[4] = 'cellspacing="0"'; + $pattern[5] = "/sarg/"; + $replace[5] = 'cellspacing="0"'; + foreach ($sarg as $line) { + if (preg_match("/<.head>/", $line)) { $print ="ok"; - if ($print =="ok" && !preg_match("/(sarg realtime|Auto Refresh)/i",$line)) - print preg_replace($pattern,$replace,$line); + } + if ($print == "ok" && !preg_match("/(sarg realtime|Auto Refresh)/i", $line)) { + print preg_replace($pattern, $replace, $line); + } } } } -if ($_REQUEST['cmd']!=""){ +if ($_REQUEST['cmd'] != "") { require_once("authgui.inc"); require_once("functions.inc"); get_cmd(); - } -else{ +} else { require("guiconfig.inc"); - $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); - if ($pf_version < 2.0) - $one_two = true; - + $pgtitle = "Status: Sarg Realtime"; include("head.inc"); - + ?> <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> <?php include("fbegin.inc"); ?> - - <?php if($one_two): ?> - <p class="pgtitle"><?=$pgtitle?></font></p> - <?php endif; ?> - + <?php if ($savemsg) print_info_box($savemsg); ?> - + <form action="sarg_realtime.php" method="post"> - + <div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0"); - $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0"); - $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml"); - $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php"); - $tab_array[] = array(gettext("Realtime"), true, "/sarg_realtime.php"); - $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0"); - $tab_array[] = array(gettext("Help"), false, "/sarg_about.php"); - display_top_tabs($tab_array); - ?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> - <tr><td></td></tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Realtime"); ?></td></tr> + <table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0"); + $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0"); + $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml"); + $tab_array[] = array(gettext("View Report"), false, "/sarg_reports.php"); + $tab_array[] = array(gettext("Realtime"), true, "/sarg_realtime.php"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0"); + $tab_array[] = array(gettext("Help"), false, "/sarg_about.php"); + display_top_tabs($tab_array); + ?> + </td></tr> + <tr><td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> + <tr><td></td></tr> + <tr><td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Realtime"); ?></td></tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Log command: ");?></td> - <td width="78%" class="vtable"> - <select name="drop3" id="cmd"> - <option value="sarg" selected="selected">Sarg Realtime</option> - </select><br><?=gettext("Select report command to run.");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("Log command: ");?></td> + <td width="78%" class="vtable"> + <select name="drop3" id="cmd"> + <option value="sarg" selected="selected">Sarg Realtime</option> + </select> + <br /><?=gettext("Select report command to run.");?> + </td> </tr> <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("update frequency: ");?></td> - <td width="78%" class="vtable"> - <select name="drop3" id="updatef"> - <option value="1">01 second</option> - <option value="3" selected="selected">03 seconds</option> - <option value="5">05 seconds</option> - <option value="15">15 Seconds</option> - <option value="30">30 Seconds</option> - <option value="60">One minute</option> - <option value="1">Never</option> - </select><br><?=gettext("Select how often report will run.");?></td> + <td width="22%" valign="top" class="vncell"><?=gettext("update frequency: ");?></td> + <td width="78%" class="vtable"> + <select name="drop3" id="updatef"> + <option value="1">01 second</option> + <option value="3" selected="selected">03 seconds</option> + <option value="5">05 seconds</option> + <option value="15">15 Seconds</option> + <option value="30">30 Seconds</option> + <option value="60">One minute</option> + <option value="1">Never</option> + </select> + <br /><?=gettext("Select how often report will run.");?> + </td> </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("Report Types: ");?></td> - <td width="78%" class="vtable"> - <select name="drop3" id="qshape" multiple="multiple" size="5"> - <option value="GET" selected="selected">GET</option> - <option value="PUT" selected="selected">PUT</option> - <option value="CONNECT" selected="selected">CONNECT</option> - <option value="ICP_QUERY">ICP_QUERY</option> - <option value="POST">POST</option> - </select><br><?=gettext("Which records must be in realtime report.");?></td> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("Report Types: ");?></td> + <td width="78%" class="vtable"> + <select name="drop3" id="qshape" multiple="multiple" size="5"> + <option value="GET" selected="selected">GET</option> + <option value="PUT" selected="selected">PUT</option> + <option value="CONNECT" selected="selected">CONNECT</option> + <option value="ICP_QUERY">ICP_QUERY</option> + <option value="POST">POST</option> + </select> + <br /><?=gettext("Which records must be in realtime report.");?> + </td> </tr> - <tr> - <td width="22%" valign="top" class="vncell"><?=gettext("unauthenticated_records: ");?></td> - <td width="78%" class="vtable"> - <select name="drop3" id="qtype"> - <option value="show" selected>show</option> - <option value="hide">hide</option> - </select><br><?=gettext("What to do with unauthenticated records in realtime report.");?></td> + <tr> + <td width="22%" valign="top" class="vncell"><?=gettext("unauthenticated_records: ");?></td> + <td width="78%" class="vtable"> + <select name="drop3" id="qtype"> + <option value="show" selected>show</option> + <option value="hide">hide</option> + </select> + <br /><?=gettext("What to do with unauthenticated records in realtime report.");?> + </td> </tr> - <tr> - <td width="22%" valign="top"></td> - <td width="78%"><input name="Submit" type="button" class="formbtn" id="run" value="<?=gettext("show log");?>" onclick="get_queue('mailq')"><div id="search_help"></div></td> + <td width="22%" valign="top"></td> + <td width="78%"> + <input name="Submit" type="button" class="formbtn" id="run" value="<?=gettext("show log");?>" onclick="get_queue('mailq')" /> + <div id="search_help"></div> + </td> + </tr> </table> - </div> - </td> - </tr> - </table> - <br> - <div> - <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> - <tr> - <td class="tabcont" > - <div id="file_div"></div> - - </td> - </tr> - </table> - </div> + </div> + </td></tr> + </table> + <br /> + <div> + <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> + <tr><td class="tabcont" > + <div id="file_div"></div> + </td></tr> + </table> + </div> </div> </form> <script type="text/javascript"> - function loopSelected(id) - { - var selectedArray = new Array(); - var selObj = document.getElementById(id); - var i; - var count = 0; - for (i=0; i<selObj.options.length; i++) { - if (selObj.options[i].selected) { - selectedArray[count] = selObj.options[i].value; - count++; - } - } - return(selectedArray); + //<![CDATA[ + function loopSelected(id) { + var selectedArray = new Array(); + var selObj = document.getElementById(id); + var i; + var count = 0; + for (i = 0; i < selObj.options.length; i++) { + if (selObj.options[i].selected) { + selectedArray[count] = selObj.options[i].value; + count++; + } + } + return (selectedArray); } + function get_queue(loop) { - //prevent multiple instances - if ($('run').value=="show log" || loop== 'running'){ - $('run').value="running..."; - $('search_help').innerHTML ="<br><strong>You can change options while running.<br>To Stop search, change update frequency to Never.</strong>"; - var axel = Math.random() + ""; - var num = axel * 1000000000000000000; - var q_args=loopSelected('qshape'); - var pars = 'cmd='+$('cmd').options[$('cmd').selectedIndex].value; - var pars = pars + '&qshape='+q_args; - var pars = pars + '&prevent='+num; - var pars = pars + '&type='+$('qtype').options[$('qtype').selectedIndex].value; - var url = "/sarg_realtime.php"; - var myAjax = new Ajax.Request( - url, - { - method: 'post', - parameters: pars, - onComplete: activitycallback_queue_file - }); - } - } - function activitycallback_queue_file(transport) { - $('file_div').innerHTML = transport.responseText; - var update=$('updatef').options[$('updatef').selectedIndex].value * 1000; - if (update > 999){ - setTimeout('get_queue("running")', update); - } - else{ - $('run').value="show log"; - $('search_help').innerHTML =""; - } + //prevent multiple instances + if ($('run').value == "show log" || loop == 'running') { + $('run').value = "running..."; + $('search_help').innerHTML = "<br /><strong>You can change options while running.<br />To stop search, change update frequency to Never.</strong>"; + var axel = Math.random() + ""; + var num = axel * 1000000000000000000; + var q_args = loopSelected('qshape'); + var pars = 'cmd=' + $('cmd').options[$('cmd').selectedIndex].value; + var pars = pars + '&qshape=' + q_args; + var pars = pars + '&prevent=' + num; + var pars = pars + '&type=' + $('qtype').options[$('qtype').selectedIndex].value; + var url = "/sarg_realtime.php"; + var myAjax = new Ajax.Request( + url, { + method: 'post', + parameters: pars, + onComplete: activitycallback_queue_file + }); } + } + + function activitycallback_queue_file(transport) { + $('file_div').innerHTML = transport.responseText; + var update = $('updatef').options[$('updatef').selectedIndex].value * 1000; + if (update > 999) { + setTimeout('get_queue("running")', update); + } else { + $('run').value = "show log"; + $('search_help').innerHTML = ""; + } + } + //]]> </script> <?php include("fend.inc"); diff --git a/config/sarg/sarg_reports.php b/config/sarg/sarg_reports.php index f18eb80e..81e1fd02 100755 --- a/config/sarg/sarg_reports.php +++ b/config/sarg/sarg_reports.php @@ -1,8 +1,9 @@ <?php /* sarg_reports.php - part of pfSense (https://www.pfsense.org/) + part of pfSense (https://www.pfSense.org/) Copyright (C) 2012 Marcello Coutinho <marcellocoutinho@gmail.com> + Copyright (C) 2015 ESF, LLC All rights reserved. Redistribution and use in source and binary forms, with or without @@ -26,70 +27,58 @@ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ - require("guiconfig.inc"); - $pf_version=substr(trim(file_get_contents("/etc/version")),0,3); - if ($pf_version < 2.0) - $one_two = true; - - $pgtitle = "Status: Sarg Reports"; - include("head.inc"); - - ?> - <body link="#0000CC" vlink="#0000CC" alink="#0000CC"> - <?php include("fbegin.inc"); ?> +$pgtitle = "Status: Sarg Reports"; +include("head.inc"); - <?php if($one_two): ?> - <p class="pgtitle"><?=$pgtitle?></font></p> - <?php endif; ?> +?> +<body link="#0000CC" vlink="#0000CC" alink="#0000CC"> +<?php include("fbegin.inc"); ?> - <?php if ($savemsg) print_info_box($savemsg); ?> +<?php if ($savemsg) print_info_box($savemsg); ?> - <form> - - <div id="mainlevel"> - <table width="100%" border="0" cellpadding="0" cellspacing="0"> - <tr><td> - <?php - $tab_array = array(); - $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0"); - $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0"); - $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml"); - $tab_array[] = array(gettext("View Report"), true, "/sarg_reports.php"); - $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php"); - $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0"); - $tab_array[] = array(gettext("Help"), false, "/pkg_edit.php?xml=sarg_about.php"); - display_top_tabs($tab_array); - conf_mount_rw(); - exec('rm -f /usr/local/www/sarg-images/temp/*'); - conf_mount_ro(); - ?> - </td></tr> - <tr> - <td> - <div id="mainarea"> - <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> - <tr><td></td></tr> - <tr> - <td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Reports"); ?></td></tr> - </table> - </div> - <br> - <script language="JavaScript"> - var axel = Math.random() + ""; - var num = axel * 1000000000000000000; - document.writeln('<IFRAME SRC="/sarg_frame.php?prevent='+ num +'?" frameborder=0 width="100%" height="600"></IFRAME>'); - </script> - <div id="file_div"></div> - - </td> - </tr> +<form> +<div id="mainlevel"> +<table width="100%" border="0" cellpadding="0" cellspacing="0"> + <tr><td> + <?php + $tab_array = array(); + $tab_array[] = array(gettext("General"), false, "/pkg_edit.php?xml=sarg.xml&id=0"); + $tab_array[] = array(gettext("Users"), false, "/pkg_edit.php?xml=sarg_users.xml&id=0"); + $tab_array[] = array(gettext("Schedule"), false, "/pkg.php?xml=sarg_schedule.xml"); + $tab_array[] = array(gettext("View Report"), true, "/sarg_reports.php"); + $tab_array[] = array(gettext("Realtime"), false, "/sarg_realtime.php"); + $tab_array[] = array(gettext("XMLRPC Sync"), false, "/pkg_edit.php?xml=sarg_sync.xml&id=0"); + $tab_array[] = array(gettext("Help"), false, "/pkg_edit.php?xml=sarg_about.php"); + display_top_tabs($tab_array); + conf_mount_rw(); + mwexec('/bin/rm -f /usr/local/www/sarg-images/temp/*'); + conf_mount_ro(); + ?> + </td></tr> + <tr><td> + <div id="mainarea"> + <table class="tabcont" width="100%" border="0" cellpadding="8" cellspacing="0"> + <tr><td></td></tr> + <tr><td colspan="2" valign="top" class="listtopic"><?=gettext("Sarg Reports"); ?></td></tr> </table> - </div> - </form> - <?php - include("fend.inc"); - ?> - </body> - </html> + </div> + <br /> + <script type="text/javascript"> + //<![CDATA[ + var axel = Math.random() + ""; + var num = axel * 1000000000000000000; + document.writeln('<iframe src="/sarg_frame.php?prevent='+ num +'?" frameborder="0" width="100%" height="600"></iframe>'); + //]]> + </script> + <div id="file_div"></div> + </td></tr> +</table> +</div> +</form> +<?php +include("fend.inc"); +?> +</body> +</html> diff --git a/config/sarg/sarg_schedule.xml b/config/sarg/sarg_schedule.xml index 5123d786..7bc02d10 100644 --- a/config/sarg/sarg_schedule.xml +++ b/config/sarg/sarg_schedule.xml @@ -1,65 +1,50 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ -/* ========================================================================== */ + <copyright> +<![CDATA[ +/* $Id$ */ +/* ====================================================================================== */ /* - sarg_schedule.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2012 Marcello Coutinho - All rights reserved. + sarg_schedule.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>sargschedule</name> - <version>0.5</version> + <version>0.6.5</version> <title>Status: Sarg Schedules</title> <include_file>/usr/local/pkg/sarg.inc</include_file> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/sarg/sarg.inc</item> - </additional_files_needed> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>0755</chmod> - <item>https://packages.pfsense.org/packages/config/sarg/sarg_sync.xml</item> - </additional_files_needed> - <menu> - <name>sarg</name> - <tooltiptext>sarg</tooltiptext> - <section>Diagnostics</section> - <configfile>sarg.xml</configfile> - </menu> <tabs> <tab> <text>General</text> @@ -101,7 +86,7 @@ <fieldname>frequency</fieldname> </columnitem> <columnitem> - <fielddescr>Aditional Args</fielddescr> + <fielddescr>Additional Args</fielddescr> <fieldname>args</fieldname> </columnitem> <columnitem> @@ -116,7 +101,7 @@ <fielddescr>Description</fielddescr> <fieldname>description</fieldname> </columnitem> - <movable>arrow</movable> + <movable>on</movable> </adddeleteeditpagefields> <fields> <field> @@ -128,48 +113,58 @@ <fielddescr>Enable</fielddescr> <fieldname>enable</fieldname> <type>checkbox</type> - <description>Enable this schedule</description> - </field> + <description>Enable this schedule.</description> + </field> <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description>Enter a description for this file.</description> + <description>Enter a description for this schedule.</description> <type>input</type> <size>50</size> </field> <field> - <fielddescr>Sarg args</fielddescr> + <fielddescr>Sarg Args</fielddescr> <fieldname>args</fieldname> - <description><![CDATA[Enter sarg extra args to run on this schedule.<br> - To force sarg to create a report only for specific days, use:<br> - <b>TODAY:</b> -d `date +%d/%m/%Y`<br> - <b>YESTERDAY:</b> -d `date -v-1d +%d/%m/%Y`<br> - <b>WEEKAGO:</b> -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`<br> - <b>MONTHAGO:</b> -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y`]]></description> + <description> + <![CDATA[ + Enter Sarg extra arguments to run on this schedule.<br /> + To force Sarg to create a report only for specific days, use:<br /><br /> + <strong>TODAY:</strong> -d `date +%d/%m/%Y`<br /> + <strong>YESTERDAY:</strong> -d `date -v-1d +%d/%m/%Y`<br /> + <strong>WEEKAGO:</strong> -d `date -v-1w +%d/%m/%Y`-`date -v-1d +%d/%m/%Y`<br /> + <strong>MONTHAGO:</strong> -d `date -v-1m +01/%m/%Y`-`date -v-1m +31/%m/%Y` + ]]> + </description> <type>input</type> <size>50</size> </field> <field> - <fielddescr>frequency</fielddescr> + <fielddescr>Frequency</fielddescr> <fieldname>frequency</fieldname> <type>input</type> <size>5</size> - <description><![CDATA[How often extract users from active directory and verify changes<br> - Valid options are minutes(m), hours(h), days(d)<br> - Sample: To update every hour, use 1h<br><br>]]><input type="submit" name="Submit" value="Force update now"><br></description> + <description> + <![CDATA[ + How often should this report be updated.<br /> + Valid options are: minutes(m), hours(h), days(d)<br /> + <strong>Example:</strong> To update every hour, use 1h<br /><br /> + <input type="submit" name="Submit" value="Force update now" /><br /> + ]]> + </description> <required/> </field> <field> - <fielddescr>Action after sarg</fielddescr> + <fielddescr>Action After Sarg</fielddescr> <fieldname>action</fieldname> + <description>Choose an action to run after Sarg finishes.</description> <type>select</type> - <options> - <option><name>None(default)</name><value>none</value></option> - <option><name>rotate logs</name><value>rotate</value></option> + <options> + <option><name>None (default)</name><value>none</value></option> + <option><name>Rotate logs</name><value>rotate</value></option> <option><name>Restart proxy daemon</name><value>restart</value></option> <option><name>Rotate log and restart proxy daemon</name><value>both</value></option> - </options> - <description>Choose an action after sarg finishes</description> + </options> + <default_value>none</default_value> </field> <field> <type>listtopic</type> @@ -179,14 +174,14 @@ <field> <fielddescr>Enable Compression</fielddescr> <fieldname>gzip</fieldname> - <description><![CDATA[Enable this option to compress sarg report html files using gzip and reduce 4 times sarg reports data.]]></description> + <description>Enable this option to compress Sarg HTML report files using gzip. Reduces reports size.</description> <type>checkbox</type> </field> <field> - <fielddescr>Compression level</fielddescr> + <fielddescr>Compression Level</fielddescr> <fieldname>gziplevel</fieldname> <type>select</type> - <options> + <options> <option><name>Default gzip compression (Recommended)</name><value></value></option> <option><name>1 (fast)</name><value>--fast</value></option> <option><name>2</name><value>-2</value></option> @@ -197,7 +192,7 @@ <option><name>7</name><value>-7</value></option> <option><name>8</name><value>-8</value></option> <option><name>9 (best)</name><value>--best</value></option> - </options> + </options> <description>Choose gzip compression level.</description> </field> <field> @@ -206,21 +201,21 @@ <type>input</type> <default_value>60</default_value> <size>5</size> - <description><![CDATA[To speed up find process, restrict find search to report files created/changed n minutes ago.<br> - Default is to 60 minutes. If your reports take longer to be created, increase this value.]]></description> + <description> + <![CDATA[ + To speed up find process, restrict search to report files created/changed specified number of minutes ago.<br /> + If your reports take long time to be created, increase this value.<br /> + Default: 60 (minutes). + ]]> + </description> </field> </fields> - <custom_php_install_command> - sarg_php_install_command(); - </custom_php_install_command> - <custom_php_command_before_form> - </custom_php_command_before_form> <custom_php_validation_command> sarg_validate_input($_POST, $input_errors); </custom_php_validation_command> <custom_delete_php_command> sync_package_sarg(); - </custom_delete_php_command> + </custom_delete_php_command> <custom_php_resync_config_command> sarg_resync(); </custom_php_resync_config_command> diff --git a/config/sarg/sarg_sorttable.js b/config/sarg/sarg_sorttable.js index 25bccb2b..96443215 100644 --- a/config/sarg/sarg_sorttable.js +++ b/config/sarg/sarg_sorttable.js @@ -14,321 +14,333 @@ Licenced as X11: http://www.kryogenix.org/code/browser/licence.html This basically means: do what you want with it. */ - - -var stIsIE = /*@cc_on!@*/false; +var stIsIE = /*@cc_on!@*/ false; sorttable = { - init: function() { - // quit if this function has already been called - if (arguments.callee.done) return; - // flag this function so we don't do the same thing twice - arguments.callee.done = true; - // kill the timer - if (_timer) clearInterval(_timer); - - if (!document.createElement || !document.getElementsByTagName) return; - - sorttable.DATE_RE = /^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/; - - forEach(document.getElementsByTagName('table'), function(table) { - if (table.className.search(/\bsortable\b/) != -1) { - sorttable.makeSortable(table); - } - }); - - }, - - makeSortable: function(table) { - if (table.getElementsByTagName('thead').length == 0) { - // table doesn't have a tHead. Since it should have, create one and - // put the first table row in it. - the = document.createElement('thead'); - the.appendChild(table.rows[0]); - table.insertBefore(the,table.firstChild); - } - // Safari doesn't support table.tHead, sigh - if (table.tHead == null) table.tHead = table.getElementsByTagName('thead')[0]; - - if (table.tHead.rows.length != 1) return; // can't cope with two header rows - - // Sorttable v1 put rows with a class of "sortbottom" at the bottom (as - // "total" rows, for example). This is B&R, since what you're supposed - // to do is put them in a tfoot. So, if there are sortbottom rows, - // for backwards compatibility, move them to tfoot (creating it if needed). - sortbottomrows = []; - for (var i=0; i<table.rows.length; i++) { - if (table.rows[i].className.search(/\bsortbottom\b/) != -1) { - sortbottomrows[sortbottomrows.length] = table.rows[i]; - } - } - if (sortbottomrows) { - if (table.tFoot == null) { - // table doesn't have a tfoot. Create one. - tfo = document.createElement('tfoot'); - table.appendChild(tfo); - } - for (var i=0; i<sortbottomrows.length; i++) { - tfo.appendChild(sortbottomrows[i]); - } - delete sortbottomrows; - } - - // work through each column and calculate its type - headrow = table.tHead.rows[0].cells; - for (var i=0; i<headrow.length; i++) { - // manually override the type with a sorttable_type attribute - if (!headrow[i].className.match(/\bsorttable_nosort\b/)) { // skip this col - mtch = headrow[i].className.match(/\bsorttable_([a-z0-9]+)\b/); - if (mtch) { override = mtch[1]; } - if (mtch && typeof sorttable["sort_"+override] == 'function') { - headrow[i].sorttable_sortfunction = sorttable["sort_"+override]; - } else { - headrow[i].sorttable_sortfunction = sorttable.guessType(table,i); - } - // make it clickable to sort - headrow[i].sorttable_columnindex = i; - headrow[i].sorttable_tbody = table.tBodies[0]; - dean_addEvent(headrow[i],"click", function(e) { - - if (this.className.search(/\bsorttable_sorted\b/) != -1) { - // if we're already sorted by this column, just - // reverse the table, which is quicker - sorttable.reverse(this.sorttable_tbody); - this.className = this.className.replace('sorttable_sorted', - 'sorttable_sorted_reverse'); - this.removeChild(document.getElementById('sorttable_sortfwdind')); - sortrevind = document.createElement('span'); - sortrevind.id = "sorttable_sortrevind"; - sortrevind.innerHTML = stIsIE ? ' <font face="webdings">5</font>' : ' ▴'; - this.appendChild(sortrevind); - return; - } - if (this.className.search(/\bsorttable_sorted_reverse\b/) != -1) { - // if we're already sorted by this column in reverse, just - // re-reverse the table, which is quicker - sorttable.reverse(this.sorttable_tbody); - this.className = this.className.replace('sorttable_sorted_reverse', - 'sorttable_sorted'); - this.removeChild(document.getElementById('sorttable_sortrevind')); - sortfwdind = document.createElement('span'); - sortfwdind.id = "sorttable_sortfwdind"; - sortfwdind.innerHTML = stIsIE ? ' <font face="webdings">6</font>' : ' ▾'; - this.appendChild(sortfwdind); - return; - } - - // remove sorttable_sorted classes - theadrow = this.parentNode; - forEach(theadrow.childNodes, function(cell) { - if (cell.nodeType == 1) { // an element - cell.className = cell.className.replace('sorttable_sorted_reverse',''); - cell.className = cell.className.replace('sorttable_sorted',''); - } - }); - sortfwdind = document.getElementById('sorttable_sortfwdind'); - if (sortfwdind) { sortfwdind.parentNode.removeChild(sortfwdind); } - sortrevind = document.getElementById('sorttable_sortrevind'); - if (sortrevind) { sortrevind.parentNode.removeChild(sortrevind); } - - this.className += ' sorttable_sorted'; - sortfwdind = document.createElement('span'); - sortfwdind.id = "sorttable_sortfwdind"; - sortfwdind.innerHTML = stIsIE ? ' <font face="webdings">6</font>' : ' ▾'; - this.appendChild(sortfwdind); - - // build an array to sort. This is a Schwartzian transform thing, - // i.e., we "decorate" each row with the actual sort key, - // sort based on the sort keys, and then put the rows back in order - // which is a lot faster because you only do getInnerText once per row - row_array = []; - col = this.sorttable_columnindex; - rows = this.sorttable_tbody.rows; - for (var j=0; j<rows.length; j++) { - row_array[row_array.length] = [sorttable.getInnerText(rows[j].cells[col]), rows[j]]; - } - /* If you want a stable sort, uncomment the following line */ - //sorttable.shaker_sort(row_array, this.sorttable_sortfunction); - /* and comment out this one */ - row_array.sort(this.sorttable_sortfunction); - - tb = this.sorttable_tbody; - for (var j=0; j<row_array.length; j++) { - tb.appendChild(row_array[j][1]); - } - - delete row_array; - }); - } - } - }, - - guessType: function(table, column) { - // guess the type of a column based on its first non-blank row - sortfn = sorttable.sort_alpha; - for (var i=0; i<table.tBodies[0].rows.length; i++) { - text = sorttable.getInnerText(table.tBodies[0].rows[i].cells[column]); - if (text != '') { - if (text.match(/^-?[£$¤]?[\d,.]+%?$/)) { - return sorttable.sort_numeric; - } - // check for a date: dd/mm/yyyy or dd/mm/yy - // can have / or . or - as separator - // can be mm/dd as well - possdate = text.match(sorttable.DATE_RE) - if (possdate) { - // looks like a date - first = parseInt(possdate[1]); - second = parseInt(possdate[2]); - if (first > 12) { - // definitely dd/mm - return sorttable.sort_ddmm; - } else if (second > 12) { - return sorttable.sort_mmdd; - } else { - // looks like a date, but we can't tell which, so assume - // that it's dd/mm (English imperialism!) and keep looking - sortfn = sorttable.sort_ddmm; - } - } - } - } - return sortfn; - }, - - getInnerText: function(node) { - // gets the text we want to use for sorting for a cell. - // strips leading and trailing whitespace. - // this is *not* a generic getInnerText function; it's special to sorttable. - // for example, you can override the cell text with a customkey attribute. - // it also gets .value for <input> fields. - - hasInputs = (typeof node.getElementsByTagName == 'function') && - node.getElementsByTagName('input').length; - - if (node.getAttribute("sorttable_customkey") != null) { - return node.getAttribute("sorttable_customkey"); - } - else if (typeof node.textContent != 'undefined' && !hasInputs) { - return node.textContent.replace(/^\s+|\s+$/g, ''); - } - else if (typeof node.innerText != 'undefined' && !hasInputs) { - return node.innerText.replace(/^\s+|\s+$/g, ''); - } - else if (typeof node.text != 'undefined' && !hasInputs) { - return node.text.replace(/^\s+|\s+$/g, ''); - } - else { - switch (node.nodeType) { - case 3: - if (node.nodeName.toLowerCase() == 'input') { - return node.value.replace(/^\s+|\s+$/g, ''); - } - case 4: - return node.nodeValue.replace(/^\s+|\s+$/g, ''); - break; - case 1: - case 11: - var innerText = ''; - for (var i = 0; i < node.childNodes.length; i++) { - innerText += sorttable.getInnerText(node.childNodes[i]); - } - return innerText.replace(/^\s+|\s+$/g, ''); - break; - default: - return ''; - } - } - }, - - reverse: function(tbody) { - // reverse the rows in a tbody - newrows = []; - for (var i=0; i<tbody.rows.length; i++) { - newrows[newrows.length] = tbody.rows[i]; - } - for (var i=newrows.length-1; i>=0; i--) { - tbody.appendChild(newrows[i]); - } - delete newrows; - }, - - /* sort functions - each sort function takes two parameters, a and b - you are comparing a[0] and b[0] */ - sort_numeric: function(a,b) { - aa = parseFloat(a[0].replace(/[^0-9.-]/g,'')); - if (isNaN(aa)) aa = 0; - bb = parseFloat(b[0].replace(/[^0-9.-]/g,'')); - if (isNaN(bb)) bb = 0; - return aa-bb; - }, - sort_alpha: function(a,b) { - if (a[0]==b[0]) return 0; - if (a[0]<b[0]) return -1; - return 1; - }, - sort_ddmm: function(a,b) { - mtch = a[0].match(sorttable.DATE_RE); - y = mtch[3]; m = mtch[2]; d = mtch[1]; - if (m.length == 1) m = '0'+m; - if (d.length == 1) d = '0'+d; - dt1 = y+m+d; - mtch = b[0].match(sorttable.DATE_RE); - y = mtch[3]; m = mtch[2]; d = mtch[1]; - if (m.length == 1) m = '0'+m; - if (d.length == 1) d = '0'+d; - dt2 = y+m+d; - if (dt1==dt2) return 0; - if (dt1<dt2) return -1; - return 1; - }, - sort_mmdd: function(a,b) { - mtch = a[0].match(sorttable.DATE_RE); - y = mtch[3]; d = mtch[2]; m = mtch[1]; - if (m.length == 1) m = '0'+m; - if (d.length == 1) d = '0'+d; - dt1 = y+m+d; - mtch = b[0].match(sorttable.DATE_RE); - y = mtch[3]; d = mtch[2]; m = mtch[1]; - if (m.length == 1) m = '0'+m; - if (d.length == 1) d = '0'+d; - dt2 = y+m+d; - if (dt1==dt2) return 0; - if (dt1<dt2) return -1; - return 1; - }, - - shaker_sort: function(list, comp_func) { - // A stable sort function to allow multi-level sorting of data - // see: http://en.wikipedia.org/wiki/Cocktail_sort - // thanks to Joseph Nahmias - var b = 0; - var t = list.length - 1; - var swap = true; - - while(swap) { - swap = false; - for(var i = b; i < t; ++i) { - if ( comp_func(list[i], list[i+1]) > 0 ) { - var q = list[i]; list[i] = list[i+1]; list[i+1] = q; - swap = true; - } - } // for - t--; - - if (!swap) break; - - for(var i = t; i > b; --i) { - if ( comp_func(list[i], list[i-1]) < 0 ) { - var q = list[i]; list[i] = list[i-1]; list[i-1] = q; - swap = true; - } - } // for - b++; - - } // while(swap) - } + init: function() { + // quit if this function has already been called + if (arguments.callee.done) return; + // flag this function so we don't do the same thing twice + arguments.callee.done = true; + // kill the timer + if (_timer) clearInterval(_timer); + + if (!document.createElement || !document.getElementsByTagName) return; + + sorttable.DATE_RE = /^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/; + + forEach(document.getElementsByTagName('table'), function(table) { + if (table.className.search(/\bsortable\b/) != -1) { + sorttable.makeSortable(table); + } + }); + + }, + + makeSortable: function(table) { + if (table.getElementsByTagName('thead').length == 0) { + // table doesn't have a tHead. Since it should have, create one and + // put the first table row in it. + the = document.createElement('thead'); + the.appendChild(table.rows[0]); + table.insertBefore(the, table.firstChild); + } + // Safari doesn't support table.tHead, sigh + if (table.tHead == null) table.tHead = table.getElementsByTagName('thead')[0]; + + if (table.tHead.rows.length != 1) return; // can't cope with two header rows + + // Sorttable v1 put rows with a class of "sortbottom" at the bottom (as + // "total" rows, for example). This is B&R, since what you're supposed + // to do is put them in a tfoot. So, if there are sortbottom rows, + // for backwards compatibility, move them to tfoot (creating it if needed). + sortbottomrows = []; + for (var i = 0; i < table.rows.length; i++) { + if (table.rows[i].className.search(/\bsortbottom\b/) != -1) { + sortbottomrows[sortbottomrows.length] = table.rows[i]; + } + } + if (sortbottomrows) { + if (table.tFoot == null) { + // table doesn't have a tfoot. Create one. + tfo = document.createElement('tfoot'); + table.appendChild(tfo); + } + for (var i = 0; i < sortbottomrows.length; i++) { + tfo.appendChild(sortbottomrows[i]); + } + delete sortbottomrows; + } + + // work through each column and calculate its type + headrow = table.tHead.rows[0].cells; + for (var i = 0; i < headrow.length; i++) { + // manually override the type with a sorttable_type attribute + if (!headrow[i].className.match(/\bsorttable_nosort\b/)) { // skip this col + mtch = headrow[i].className.match(/\bsorttable_([a-z0-9]+)\b/); + if (mtch) { + override = mtch[1]; + } + if (mtch && typeof sorttable["sort_" + override] == 'function') { + headrow[i].sorttable_sortfunction = sorttable["sort_" + override]; + } else { + headrow[i].sorttable_sortfunction = sorttable.guessType(table, i); + } + // make it clickable to sort + headrow[i].sorttable_columnindex = i; + headrow[i].sorttable_tbody = table.tBodies[0]; + dean_addEvent(headrow[i], "click", function(e) { + + if (this.className.search(/\bsorttable_sorted\b/) != -1) { + // if we're already sorted by this column, just + // reverse the table, which is quicker + sorttable.reverse(this.sorttable_tbody); + this.className = this.className.replace('sorttable_sorted', + 'sorttable_sorted_reverse'); + this.removeChild(document.getElementById('sorttable_sortfwdind')); + sortrevind = document.createElement('span'); + sortrevind.id = "sorttable_sortrevind"; + sortrevind.innerHTML = stIsIE ? ' <font face="webdings">5</font>' : ' ▴'; + this.appendChild(sortrevind); + return; + } + if (this.className.search(/\bsorttable_sorted_reverse\b/) != -1) { + // if we're already sorted by this column in reverse, just + // re-reverse the table, which is quicker + sorttable.reverse(this.sorttable_tbody); + this.className = this.className.replace('sorttable_sorted_reverse', + 'sorttable_sorted'); + this.removeChild(document.getElementById('sorttable_sortrevind')); + sortfwdind = document.createElement('span'); + sortfwdind.id = "sorttable_sortfwdind"; + sortfwdind.innerHTML = stIsIE ? ' <font face="webdings">6</font>' : ' ▾'; + this.appendChild(sortfwdind); + return; + } + + // remove sorttable_sorted classes + theadrow = this.parentNode; + forEach(theadrow.childNodes, function(cell) { + if (cell.nodeType == 1) { // an element + cell.className = cell.className.replace('sorttable_sorted_reverse', ''); + cell.className = cell.className.replace('sorttable_sorted', ''); + } + }); + sortfwdind = document.getElementById('sorttable_sortfwdind'); + if (sortfwdind) { + sortfwdind.parentNode.removeChild(sortfwdind); + } + sortrevind = document.getElementById('sorttable_sortrevind'); + if (sortrevind) { + sortrevind.parentNode.removeChild(sortrevind); + } + + this.className += ' sorttable_sorted'; + sortfwdind = document.createElement('span'); + sortfwdind.id = "sorttable_sortfwdind"; + sortfwdind.innerHTML = stIsIE ? ' <font face="webdings">6</font>' : ' ▾'; + this.appendChild(sortfwdind); + + // build an array to sort. This is a Schwartzian transform thing, + // i.e., we "decorate" each row with the actual sort key, + // sort based on the sort keys, and then put the rows back in order + // which is a lot faster because you only do getInnerText once per row + row_array = []; + col = this.sorttable_columnindex; + rows = this.sorttable_tbody.rows; + for (var j = 0; j < rows.length; j++) { + row_array[row_array.length] = [sorttable.getInnerText(rows[j].cells[col]), rows[j]]; + } + /* If you want a stable sort, uncomment the following line */ + //sorttable.shaker_sort(row_array, this.sorttable_sortfunction); + /* and comment out this one */ + row_array.sort(this.sorttable_sortfunction); + + tb = this.sorttable_tbody; + for (var j = 0; j < row_array.length; j++) { + tb.appendChild(row_array[j][1]); + } + + delete row_array; + }); + } + } + }, + + guessType: function(table, column) { + // guess the type of a column based on its first non-blank row + sortfn = sorttable.sort_alpha; + for (var i = 0; i < table.tBodies[0].rows.length; i++) { + text = sorttable.getInnerText(table.tBodies[0].rows[i].cells[column]); + if (text != '') { + if (text.match(/^-?[Å$¤]?[\d,.]+%?$/)) { + return sorttable.sort_numeric; + } + // check for a date: dd/mm/yyyy or dd/mm/yy + // can have / or . or - as separator + // can be mm/dd as well + possdate = text.match(sorttable.DATE_RE) + if (possdate) { + // looks like a date + first = parseInt(possdate[1]); + second = parseInt(possdate[2]); + if (first > 12) { + // definitely dd/mm + return sorttable.sort_ddmm; + } else if (second > 12) { + return sorttable.sort_mmdd; + } else { + // looks like a date, but we can't tell which, so assume + // that it's dd/mm (English imperialism!) and keep looking + sortfn = sorttable.sort_ddmm; + } + } + } + } + return sortfn; + }, + + getInnerText: function(node) { + // gets the text we want to use for sorting for a cell. + // strips leading and trailing whitespace. + // this is *not* a generic getInnerText function; it's special to sorttable. + // for example, you can override the cell text with a customkey attribute. + // it also gets .value for <input> fields. + + hasInputs = (typeof node.getElementsByTagName == 'function') && + node.getElementsByTagName('input').length; + + if (node.getAttribute("sorttable_customkey") != null) { + return node.getAttribute("sorttable_customkey"); + } else if (typeof node.textContent != 'undefined' && !hasInputs) { + return node.textContent.replace(/^\s+|\s+$/g, ''); + } else if (typeof node.innerText != 'undefined' && !hasInputs) { + return node.innerText.replace(/^\s+|\s+$/g, ''); + } else if (typeof node.text != 'undefined' && !hasInputs) { + return node.text.replace(/^\s+|\s+$/g, ''); + } else { + switch (node.nodeType) { + case 3: + if (node.nodeName.toLowerCase() == 'input') { + return node.value.replace(/^\s+|\s+$/g, ''); + } + case 4: + return node.nodeValue.replace(/^\s+|\s+$/g, ''); + break; + case 1: + case 11: + var innerText = ''; + for (var i = 0; i < node.childNodes.length; i++) { + innerText += sorttable.getInnerText(node.childNodes[i]); + } + return innerText.replace(/^\s+|\s+$/g, ''); + break; + default: + return ''; + } + } + }, + + reverse: function(tbody) { + // reverse the rows in a tbody + newrows = []; + for (var i = 0; i < tbody.rows.length; i++) { + newrows[newrows.length] = tbody.rows[i]; + } + for (var i = newrows.length - 1; i >= 0; i--) { + tbody.appendChild(newrows[i]); + } + delete newrows; + }, + + /* sort functions + each sort function takes two parameters, a and b + you are comparing a[0] and b[0] */ + sort_numeric: function(a, b) { + aa = parseFloat(a[0].replace(/[^0-9.-]/g, '')); + if (isNaN(aa)) aa = 0; + bb = parseFloat(b[0].replace(/[^0-9.-]/g, '')); + if (isNaN(bb)) bb = 0; + return aa - bb; + }, + sort_alpha: function(a, b) { + if (a[0] == b[0]) return 0; + if (a[0] < b[0]) return -1; + return 1; + }, + sort_ddmm: function(a, b) { + mtch = a[0].match(sorttable.DATE_RE); + y = mtch[3]; + m = mtch[2]; + d = mtch[1]; + if (m.length == 1) m = '0' + m; + if (d.length == 1) d = '0' + d; + dt1 = y + m + d; + mtch = b[0].match(sorttable.DATE_RE); + y = mtch[3]; + m = mtch[2]; + d = mtch[1]; + if (m.length == 1) m = '0' + m; + if (d.length == 1) d = '0' + d; + dt2 = y + m + d; + if (dt1 == dt2) return 0; + if (dt1 < dt2) return -1; + return 1; + }, + sort_mmdd: function(a, b) { + mtch = a[0].match(sorttable.DATE_RE); + y = mtch[3]; + d = mtch[2]; + m = mtch[1]; + if (m.length == 1) m = '0' + m; + if (d.length == 1) d = '0' + d; + dt1 = y + m + d; + mtch = b[0].match(sorttable.DATE_RE); + y = mtch[3]; + d = mtch[2]; + m = mtch[1]; + if (m.length == 1) m = '0' + m; + if (d.length == 1) d = '0' + d; + dt2 = y + m + d; + if (dt1 == dt2) return 0; + if (dt1 < dt2) return -1; + return 1; + }, + + shaker_sort: function(list, comp_func) { + // A stable sort function to allow multi-level sorting of data + // see: http://en.wikipedia.org/wiki/Cocktail_sort + // thanks to Joseph Nahmias + var b = 0; + var t = list.length - 1; + var swap = true; + + while (swap) { + swap = false; + for (var i = b; i < t; ++i) { + if (comp_func(list[i], list[i + 1]) > 0) { + var q = list[i]; + list[i] = list[i + 1]; + list[i + 1] = q; + swap = true; + } + } // for + t--; + + if (!swap) break; + + for (var i = t; i > b; --i) { + if (comp_func(list[i], list[i - 1]) < 0) { + var q = list[i]; + list[i] = list[i - 1]; + list[i - 1] = q; + swap = true; + } + } // for + b++; + + } // while(swap) + } } /* ****************************************************************** @@ -339,7 +351,7 @@ sorttable = { /* for Mozilla/Opera9 */ if (document.addEventListener) { - document.addEventListener("DOMContentLoaded", sorttable.init, false); + document.addEventListener("DOMContentLoaded", sorttable.init, false); } /* for Internet Explorer */ @@ -356,11 +368,11 @@ if (document.addEventListener) { /* for Safari */ if (/WebKit/i.test(navigator.userAgent)) { // sniff - var _timer = setInterval(function() { - if (/loaded|complete/.test(document.readyState)) { - sorttable.init(); // call the onload handler - } - }, 10); + var _timer = setInterval(function() { + if (/loaded|complete/.test(document.readyState)) { + sorttable.init(); // call the onload handler + } + }, 10); } /* for other browsers */ @@ -434,7 +446,7 @@ fixEvent.preventDefault = function() { this.returnValue = false; }; fixEvent.stopPropagation = function() { - this.cancelBubble = true; + this.cancelBubble = true; } // Dean's forEach: http://dean.edwards.name/base/forEach.js @@ -490,4 +502,3 @@ var forEach = function(object, block, context) { resolve.forEach(object, block, context); } }; - diff --git a/config/sarg/sarg_sync.xml b/config/sarg/sarg_sync.xml index 354d9991..9ae141e5 100755 --- a/config/sarg/sarg_sync.xml +++ b/config/sarg/sarg_sync.xml @@ -1,48 +1,48 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - sarg_sync.xml - part of the sarg package for pfSense - Copyright (C) 2012 Marcello Coutinho - All rights reserved. - */ -/* ========================================================================== */ + sarg_sync.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>sargsync</name> - <version>1.0</version> + <version>0.6.5</version> <title>Status: Sarg Sync</title> <include_file>/usr/local/pkg/sarg.inc</include_file> <tabs> @@ -75,16 +75,16 @@ <text>Help</text> <url>/sarg_about.php</url> </tab> -</tabs> + </tabs> <fields> <field> <name>XMLRPC Sync</name> <type>listtopic</type> </field> <field> - <fielddescr>Automatically sync sarg configuration changes</fielddescr> + <fielddescr>Automatically Sync Sarg Configuration Changes.</fielddescr> <fieldname>synconchanges</fieldname> - <description>Select a sync method for sarg.</description> + <description>Select a sync method for Sarg.</description> <type>select</type> <required/> <default_value>auto</default_value> @@ -95,14 +95,14 @@ </options> </field> <field> - <fielddescr>Sync timeout</fielddescr> + <fielddescr>Sync Timeout</fielddescr> <fieldname>synctimeout</fieldname> <description>Select sync max wait time</description> <type>select</type> <required/> <default_value>250</default_value> <options> - <option><name>250 seconds(Default)</name><value>250</value></option> + <option><name>250 seconds (default)</name><value>250</value></option> <option><name>120 seconds</name><value>120</value></option> <option><name>90 seconds</name><value>90</value></option> <option><name>60 seconds</name><value>60</value></option> @@ -114,32 +114,26 @@ <fieldname>none</fieldname> <type>rowhelper</type> <rowhelper> - <rowhelperfield> - <fielddescr>IP Address</fielddescr> - <fieldname>ipaddress</fieldname> - <description>IP Address of remote server</description> - <type>input</type> - <size>20</size> - </rowhelperfield> - <rowhelperfield> - <fielddescr>Password</fielddescr> - <fieldname>password</fieldname> - <description>Password for remote server.</description> - <type>password</type> - <size>20</size> - </rowhelperfield> + <rowhelperfield> + <fielddescr>IP Address</fielddescr> + <fieldname>ipaddress</fieldname> + <description>IP Address of remote server</description> + <type>input</type> + <size>20</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>Password</fielddescr> + <fieldname>password</fieldname> + <description>Password for remote server.</description> + <type>password</type> + <size>20</size> + </rowhelperfield> </rowhelper> </field> </fields> - <custom_php_install_command> - sarg_php_install_command(); - </custom_php_install_command> - <custom_php_deinstall_command> - sarg_php_deinstall_command(); - </custom_php_deinstall_command> <custom_php_validation_command> sarg_validate_input($_POST, $input_errors); - </custom_php_validation_command> + </custom_php_validation_command> <custom_php_resync_config_command> sarg_resync(); </custom_php_resync_config_command> diff --git a/config/sarg/sarg_users.xml b/config/sarg/sarg_users.xml index 39387007..92d46dd1 100644 --- a/config/sarg/sarg_users.xml +++ b/config/sarg/sarg_users.xml @@ -1,49 +1,48 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> <copyright> - <![CDATA[ +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - sarg_users.xml - part of the sarg for pfSense - Copyright (C) 2012 Marcello Coutinho - - All rights reserved. - */ -/* ========================================================================== */ + sarg_users.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2012 Marcello Coutinho + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>sarguser</name> - <version>1.0</version> + <version>0.6.5</version> <title>Status: Sarg User Settings</title> <include_file>/usr/local/pkg/sarg.inc</include_file> <tabs> @@ -76,7 +75,7 @@ <text>Help</text> <url>/sarg_about.php</url> </tab> -</tabs> + </tabs> <fields> <field> <name>User Settings</name> @@ -85,134 +84,171 @@ <field> <fielddescr>User Sort Field</fielddescr> <fieldname>user_sort_field</fieldname> - <description><![CDATA[Sort field for the User Report.]]></description> - <type>select</type> - <options> - <option><name>BYTES(default)</name><value>BYTES</value></option> + <description>Select the sort field for the User Report.</description> + <type>select</type> + <options> + <option><name>BYTES (default)</name><value>BYTES</value></option> <option><name>SITE normal</name><value>SITE</value></option> <option><name>CONNECT</name><value>CONNECT</value></option> <option><name>TIME</name><value>TIME</value></option> - </options> + </options> + <default_value>BYTES</default_value> </field> <field> - <fielddescr>Ntlm User Format</fielddescr> + <fielddescr>NTLM Users Format</fielddescr> <fieldname>ntlm_user_format</fieldname> - <description><![CDATA[NTLM users format]]></description> + <description>Select NTLM username format.</description> <type>select</type> <options> - <option><name>domainname+username (default)</name><value>domainname+username</value></option> - <option><name>username</name><value>user</value></option> + <option><name>domainname+username (default)</name><value>domainname+username</value></option> + <option><name>username</name><value>user</value></option> </options> + <default_value>domainname+username</default_value> </field> <field> - <fielddescr>Exclude users</fielddescr> + <fielddescr>Exclude Users</fielddescr> <fieldname>exclude_userlist</fieldname> - <description><![CDATA[Users within the file will be excluded from reports.<br> - You can use indexonly to have only index.html file.<br> - <strong>Format: one user per line.</strong>]]></description> + <description> + <![CDATA[ + Users within the file will be excluded from reports.<br /> + <strong>Format: One user per line.</strong> + ]]> + </description> <type>textarea</type> <cols>70</cols> <rows>10</rows> <encoding>base64</encoding> </field> <field> - <fielddescr>Include users</fielddescr> + <fielddescr>Include Users</fielddescr> <fieldname>include_userlist</fieldname> - <description><![CDATA[Reports will be generated only for listed users.<br> - <strong>Format: user1:user2:...:usern</strong>]]></description> + <description> + <![CDATA[ + Reports will be generated only for listed users.<br /> + <strong>Format: user1:user2:...:userN</strong> + ]]> + </description> <type>input</type> <size>70</size> </field> <field> - <fielddescr>Users association</fielddescr> + <fielddescr>Users Association</fielddescr> <fieldname>usertab</fieldname> - <description><![CDATA[You can change the "userid" or the "ip address" to be a real user name on the reports.<br> - If resolve_ip is active, the ip address is resolved before being looked up into this file.<br> - That is, if you want to map the ip address, be sure to set resolv_ip to no or the resolved name will be looked into the file instead of the ip address.<br> - Note that it can be used to resolve any ip address known to the dns and then map the unresolved ip addresses to a name found in the usertab file.<br> - <strong>Table syntax: userid name or ip address name</strong><br> - Eg:<br>SirIsaac Isaac Newton<br> - vinci Leonardo da Vinci<br> - 192.168.10.1 Karol Wojtyla]]></description> + <description> + <![CDATA[ + You can change the "userid" or the "IP address" to be a real user name on the reports.<br /> + If 'Convert IP address to DNS name' is active, the IP address is resolved before being looked up into this file.<br /> + That is, if you want to map the IP address, be sure to set resolv_ip to no or the resolved name will be looked into the file instead of the IP address.<br /> + Note that it can be used to resolve any IP address known to the dns and then map the unresolved IP addresses to a name found in the usertab file.<br /> + <strong>Table syntax: 'userid name' or 'IP_address name'</strong><br /><br /> + <strong>Examples:</strong><br /> + SirIsaac Isaac Newton<br /> + vinci Leonardo da Vinci<br /> + 192.168.10.1 Karol Wojtyla + ]]> + </description> <type>textarea</type> <cols>70</cols> <rows>10</rows> <encoding>base64</encoding> </field> <field> - <name>Ldap Settings</name> + <name>LDAP Settings</name> <type>listtopic</type> </field> <field> - <fielddescr>Enable LDAP search</fielddescr> + <fielddescr>Enable LDAP Search</fielddescr> <fieldname>ldap_enable</fieldname> - <description><![CDATA[Enable LDAP search for username replacement based on active directory info.<br> - This option is usefull to show full usernames in sarg reports instead of user logins.]]></description> + <description> + <![CDATA[ + Enable LDAP search for username replacement based on Active Directory information.<br /> + This option is useful to show full usernames in Sarg reports instead of user logins. + ]]> + </description> <type>checkbox</type> </field> <field> <fielddescr>LDAP Hostname</fielddescr> <fieldname>ldap_host</fieldname> - <description><![CDATA[FQDN or IP address of host with LDAP service or AD DC]]></description> + <description>FQDN or IP address of host with LDAP service or AD DC.</description> <type>input</type> <size>60</size> </field> <field> <fielddescr>LDAP Port</fielddescr> <fieldname>ldap_port</fieldname> - <description><![CDATA[LDAP service port number.<br>Default is 389]]></description> + <description> + <![CDATA[ + LDAP service port number.<br /> + Default: 389 + ]]> + </description> <type>input</type> <size>10</size> + <default_value>389</default_value> </field> <field> - <fielddescr>LDAP Bind DN</fielddescr> + <fielddescr>LDAP Bind User DN</fielddescr> <fieldname>ldap_bind_dn</fieldname> - <description><![CDATA[DN of LDAP user, who is authorized to read user's names from LDAP base.<br> - Sample: CN=username,OU=group,DC=mydomain,DC=com<br>]]></description> + <description> + <![CDATA[ + DN of the LDAP user who is authorized to the search the LDAP database.<br /> + <strong>Example:</strong> CN=username,OU=group,DC=mydomain,DC=com<br /> + ]]> + </description> <type>input</type> <size>60</size> </field> <field> <fielddescr>LDAP Bind Password</fielddescr> <fieldname>ldap_bind_pw</fieldname> - <description><![CDATA[LDAPBindPW secret Password of DN, who is authorized to read user's names from LDAP base.]]></description> + <description>Input the password for 'LDAP Bind User DN' specified above.</description> <type>password</type> - <size>10</size> + <size>20</size> </field> <field> - <fielddescr>LDAP Base Search</fielddescr> + <fielddescr>LDAP Search Base DN</fielddescr> <fieldname>ldap_base_search</fieldname> - <description><![CDATA[LDAP search base.<br> - Sample: OU=users,DC=mydomain,DC=com]]></description> + <description> + <![CDATA[ + Specify the LDAP search base DN. The search base is the place in the hierarchical LDAP structure where the search for user accounts starts.<br /> + <strong>Example:</strong> OU=users,DC=mydomain,DC=com + ]]> + </description> <type>input</type> <size>60</size> </field> <field> - <fielddescr>LDAP filter Search</fielddescr> + <fielddescr>LDAP Search Filter</fielddescr> <fieldname>ldap_filter_search</fieldname> - <description><![CDATA[LDAPFilterSearch (uid=%s)<br> - User search filter by user's logins in LDAP. First founded record will be used.<br> - %s - will be changed to userlogins from access.log file filter string can have up to 5 '%s' tags.<br> - Default value is '(uid=%s)']]></description> + <description> + <![CDATA[ + Use this to filter the user login entries to be returned for a search operation in LDAP. First found record will be used.<br /> + %s - will be changed to user logins from access.log file filter. Search filter string can have up to 5 '%s' tags.<br /> + Default value: '(uid=%s)' + ]]> + </description> <type>input</type> <size>60</size> + <default_value>(uid=%s)</default_value> </field> <field> - <fielddescr>LDAP Target Attribute</fielddescr> + <fielddescr>LDAP Username DN Attribute</fielddescr> <fieldname>ldap_target_attr</fieldname> - <description><![CDATA[Name of the attribute containing a name of the user<br> - Default value is 'cn']]></description> + <description> + <![CDATA[ + Name of the attribute containing the login name of the user<br /> + Default value is 'cn'. For Active Directory, use 'sAMAccountName'. + ]]> + </description> <type>input</type> <size>60</size> + <default_value>cn</default_value> </field> </fields> - <custom_php_install_command> - </custom_php_install_command> - <custom_php_deinstall_command> - </custom_php_deinstall_command> <custom_php_validation_command> sarg_validate_input($_POST, $input_errors); - </custom_php_validation_command> + </custom_php_validation_command> <custom_php_resync_config_command> sync_package_sarg(); </custom_php_resync_config_command> diff --git a/config/squid/squid.inc b/config/squid/squid.inc index 8e87c7a1..48a92a75 100644 --- a/config/squid/squid.inc +++ b/config/squid/squid.inc @@ -541,78 +541,28 @@ function squid_validate_auth($post, &$input_errors) { } function squid_install_cron($should_install) { - global $config, $g; - if($g['booting']==true) - return; - $rotate_is_installed = false; - $swapstate_is_installed = false; - if(!$config['cron']['item']) + global $config; + if (platform_booting()) { return; - $settings = $config['installedpackages']['squidcache']['config'][0]; + } + parse_config(true); - $x=0; - $rotate_job_id=-1; - $swapstate_job_id=-1; + if (is_array($config['installedpackages']['squidcache'])) { + $settings = $config['installedpackages']['squidcache']['config'][0]; + } else { + $settings = array(); + } + $cachedir = ($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); + $cron_cmd = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate"; + $swapstate_cmd = "/usr/local/pkg/swapstate_check.php"; - foreach($config['cron']['item'] as $item) { - if(strstr($item['task_name'], "squid_rotate_logs")) { - $rotate_job_id = $x; - } elseif(strstr($item['task_name'], "squid_check_swapstate")) { - $swapstate_job_id = $x; - } - $x++; - } - $need_write = false; - switch($should_install) { - case true: - $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); - if($rotate_job_id < 0) { - $cron_item = array(); - $cron_item['task_name'] = "squid_rotate_logs"; - $cron_item['minute'] = "0"; - $cron_item['hour'] = "0"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/bin/rm {$cachedir}/swap.state; " . SQUID_LOCALBASE . "/sbin/squid -k rotate"; - $config['cron']['item'][] = $cron_item; - $need_write = true; - } - if($swapstate_job_id < 0) { - $cron_item = array(); - $cron_item['task_name'] = "squid_check_swapstate"; - $cron_item['minute'] = "*/15"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/pkg/swapstate_check.php"; - $config['cron']['item'][] = $cron_item; - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Adding Squid Cron Jobs"); - } - break; - case false: - if($rotate_job_id >= 0) { - unset($config['cron']['item'][$rotate_job_id]); - $need_write = true; - } - if($swapstate_job_id >= 0) { - unset($config['cron']['item'][$swapstate_job_id]); - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Removing Squid Cron Jobs"); - } - break; + if ($should_install) { + install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root"); + install_cron_job("{$swapstate_cmd}", true, "*/15"); + } else { + install_cron_job("{$cron_cmd}", false); + install_cron_job("{$swapstate_cmd}", false); } - configure_cron(); } function squid_resync_general() { diff --git a/config/squid3/34/squid.inc b/config/squid3/34/squid.inc index 2705ceb6..57527876 100755 --- a/config/squid3/34/squid.inc +++ b/config/squid3/34/squid.inc @@ -772,89 +772,33 @@ function squid_validate_auth($post, &$input_errors) { } function squid_install_cron($should_install) { - global $config, $g; - - if ($g['booting']==true) - return; - $rotate_is_installed = false; - $swapstate_is_installed = false; + global $config; - if (!$config['cron']['item']) + if (platform_booting()) { return; + } - if (is_array($config['installedpackages']['squidcache'])) + parse_config(true); + if (is_array($config['installedpackages']['squidcache'])) { $settings = $config['installedpackages']['squidcache']['config'][0]; - else + } else { $settings = array(); - - $x=0; - $rotate_job_id=-1; - $swapstate_job_id=-1; - $cron_cmd=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); - $cron_cmd .= SQUID_BASE."/sbin/squid -k rotate -f " . SQUID_CONFFILE; - $need_write = false; - foreach ($config['cron']['item'] as $item) { - if (strstr($item['task_name'], "squid_rotate_logs")) { - $rotate_job_id = $x; - if ($item['command'] != $cron_cmd) { - $config['cron']['item'][$x]['command']=$cron_cmd; - $need_write = true; - } - } elseif (strstr($item['task_name'], "squid_check_swapstate")) { - $swapstate_job_id = $x; - } - $x++; } + + $cron_cmd = ($settings['clear_cache'] == 'on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); + $cron_cmd .= SQUID_BASE . "/sbin/squid -k rotate -f " . SQUID_CONFFILE; + install_cron_job("{$cron_cmd}", $should_install, "0", "0", "*", "*", "*", "root"); + + $swapstate_cmd = "/usr/local/pkg/swapstate_check.php clean; "; if ($should_install) { - $cachedir =($settings['harddisk_cache_location'] ? $settings['harddisk_cache_location'] : '/var/squid/cache'); - if ($rotate_job_id < 0) { - $cron_item['command']=($settings['clear_cache']=='on' ? "/usr/local/pkg/swapstate_check.php clean; " : ""); - $cron_item = array(); - $cron_item['task_name'] = "squid_rotate_logs"; - $cron_item['minute'] = "0"; - $cron_item['hour'] = "0"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] .= $cron_cmd; - /* Add this cron_item as a new entry at the end of the item array. */ - $config['cron']['item'][] = $cron_item; - $need_write = true; - } - if ($swapstate_job_id < 0) { - $cron_item = array(); - $cron_item['task_name'] = "squid_check_swapstate"; - $cron_item['minute'] = "*/15"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/pkg/swapstate_check.php"; - /* Add this cron_item as a new entry at the end of the item array. */ - $config['cron']['item'][] = $cron_item; - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Adding Squid Cron Jobs"); + if ($settings['clear_cache'] == 'on' ) { + install_cron_job("{$swapstate_cmd}", true, "*/15"); + } else { + install_cron_job("{$swapstate_cmd}", false); } } else { - if ($rotate_job_id >= 0) { - unset($config['cron']['item'][$rotate_job_id]); - $need_write = true; - } - if ($swapstate_job_id >= 0) { - unset($config['cron']['item'][$swapstate_job_id]); - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Removing Squid Cron Jobs"); - } + install_cron_job("{$swapstate_cmd}", false); } - configure_cron(); } function squid_check_ca_hashes() { @@ -1895,10 +1839,11 @@ function squid_resync($via_rpc="no") { // detect boot process if (is_array($_POST)) { - if (preg_match("/\w+/",$_POST['__csrf_magic'])) + if (platform_booting()) { unset($boot_process); - else + } else { $boot_process="on"; + } } log_error("[Squid] - Squid_resync function call pr:".is_process_running('squid')." bp:".isset($boot_process)." rpc:".$via_rpc); diff --git a/config/squidGuard-devel/squidguard_configurator.inc b/config/squidGuard-devel/squidguard_configurator.inc index ff2b9f2c..8fdae6ce 100644 --- a/config/squidGuard-devel/squidguard_configurator.inc +++ b/config/squidGuard-devel/squidguard_configurator.inc @@ -1958,65 +1958,11 @@ function squidguard_cron_install() global $squidguard_config; $on_off = $squidguard_config[F_LOGROTATION] == 'on'; - - $opt = ""; + $cron_cmd = "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE; if ($on_off) { - $opt = array("0", "0", "*", "*", "*", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE); - } - squidguard_setup_cron("squidGuard_logrotate", $opt, $on_off); -} - -# ------------------------------------------------------------------------------ -# squidguard_setup_cron -# ------------------------------------------------------------------------------ -# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command' -# ------------------------------------------------------------------------------ -function squidguard_setup_cron($task_key, $options, $on_off) -{ - global $config; - $cron_item = array(); - - # $on_off = TRUE/FALSE - install/deinstall cron task: - # prepare new cron item - if (is_array($options)) { - $cron_item['minute'] = $options[0]; - $cron_item['hour'] = $options[1]; - $cron_item['mday'] = $options[2]; - $cron_item['month'] = $options[3]; - $cron_item['wday'] = $options[4]; - $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody'; - $cron_item['command'] = $options[6]; - } - - # unset old cron task with $task_key - if (!empty($task_key)) { - $flag_cron_upd = false; - # delete old cron task if exists - if (is_array($config['cron']['item'])) { - foreach($config['cron']['item'] as $key => $val) { - if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) { - unset($config['cron']['item'][$key]); - $flag_cron_upd = true; - break; - } - } - } - - # set new cron task - if (($on_off === true) and !empty($cron_item)) { - $config['cron']['item'][] = $cron_item; - $flag_cron_upd = true; - } - - # write config and configure cron only if cron task modified - if ($flag_cron_upd === true) { - write_config("Installed cron task '$task_key' for 'squidGuard' package"); - configure_cron(); - } - } - else { - # ! error $name ! - return; + install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root"); + } else { + install_cron_job("{$cron_cmd}", false); } } diff --git a/config/squidGuard/squidguard_configurator.inc b/config/squidGuard/squidguard_configurator.inc index 99907451..50835610 100644 --- a/config/squidGuard/squidguard_configurator.inc +++ b/config/squidGuard/squidguard_configurator.inc @@ -1968,65 +1968,11 @@ function squidguard_cron_install() global $squidguard_config; $on_off = $squidguard_config[F_LOGROTATION] == 'on'; - - $opt = ""; + $cron_cmd = "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE; if ($on_off) { - $opt = array("0", "0", "*", "*", "*", "root", "/usr/bin/nice -n20 " . SQUIDGUARD_SCR_LOGROTATE); - } - squidguard_setup_cron("squidGuard_logrotate", $opt, $on_off); -} - -# ------------------------------------------------------------------------------ -# squidguard_setup_cron -# ------------------------------------------------------------------------------ -# $options: [0]='minute', [1]='hour', [2]='mday', [3]='month', [4]='wday', [5]='who', [6]='command' -# ------------------------------------------------------------------------------ -function squidguard_setup_cron($task_key, $options, $on_off) -{ - global $config; - $cron_item = array(); - - # $on_off = TRUE/FALSE - install/deinstall cron task: - # prepare new cron item - if (is_array($options)) { - $cron_item['minute'] = $options[0]; - $cron_item['hour'] = $options[1]; - $cron_item['mday'] = $options[2]; - $cron_item['month'] = $options[3]; - $cron_item['wday'] = $options[4]; - $cron_item['who'] = ($options[5]) ? $options[5] : 'nobody'; - $cron_item['command'] = $options[6]; - } - - # unset old cron task with $task_key - if (!empty($task_key)) { - $flag_cron_upd = false; - # delete old cron task if exists - if (is_array($config['cron']['item'])) { - foreach($config['cron']['item'] as $key => $val) { - if (strpos($config['cron']['item'][$key]['command'], $task_key) !== false) { - unset($config['cron']['item'][$key]); - $flag_cron_upd = true; - break; - } - } - } - - # set new cron task - if (($on_off === true) and !empty($cron_item)) { - $config['cron']['item'][] = $cron_item; - $flag_cron_upd = true; - } - - # write config and configure cron only if cron task modified - if ($flag_cron_upd === true) { - write_config("Installed cron task '$task_key' for 'squidGuard' package"); - configure_cron(); - } - } - else { - # ! error $name ! - return; + install_cron_job("{$cron_cmd}", true, "0", "0", "*", "*", "*", "root"); + } else { + install_cron_job("{$cron_cmd}", false); } } diff --git a/config/stunnel/stunnel.inc b/config/stunnel/stunnel.inc index 7f3f9338..6dc17ef6 100644 --- a/config/stunnel/stunnel.inc +++ b/config/stunnel/stunnel.inc @@ -1,45 +1,73 @@ <?php +/* + stunnel.inc + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007-2009 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. -$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +global $config; + +$pf_version = substr(trim(file_get_contents("/etc/version")), 0, 3); if ($pf_version == "2.1" || $pf_version == "2.2") { define('STUNNEL_LOCALBASE', '/usr/pbi/stunnel-' . php_uname("m")); } else { - define('STUNNEL_LOCALBASE','/usr/local'); + define('STUNNEL_LOCALBASE', '/usr/local'); } define('STUNNEL_ETCDIR', STUNNEL_LOCALBASE . "/etc/stunnel"); -if(!isset($_GET['id']) and !isset($_POST['id'])) { - if($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) { - $savemsg=$GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']; +if (!isset($_GET['id']) and !isset($_POST['id'])) { + if ($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']) { + $savemsg = $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']; unset($GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']); write_config(); } - } -if(isset($_GET['id'])) { - $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']= +if (isset($_GET['id'])) { + $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain'] = base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_chain']); - $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']= + $config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key'] = base64_decode($config['installedpackages']['stunnelcerts']['config'][$_GET['id']]['cert_key']); } -$certs=$config['installedpackages']['stunnelcerts']['config']; -is_array($certs) ? $num_certs=count($certs) : $num_certs=0; -if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { - for ($i=0;$i<$num_certs;$i++) { - $cert=$certs[$i]; - $_info=openssl_x509_parse(base64_decode($cert['cert_chain'])); - $valid=floor(($_info['validTo_time_t']-time())/86400); - if($cert['cert_chain']) { - if(!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) { - $_status='<font color="#AA0000"><b>Invalid key/cert!</b></font>'; - } elseif($valid<30) { - $_status='<font color="#B27D4B">Expires in '.$valid.' days!</font>'; +$certs = $config['installedpackages']['stunnelcerts']['config']; +is_array($certs) ? $num_certs = count($certs) : $num_certs = 0; +if (!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { + for ($i = 0; $i < $num_certs; $i++) { + $cert = $certs[$i]; + $_info = openssl_x509_parse(base64_decode($cert['cert_chain'])); + $valid = floor(($_info['validTo_time_t'] - time()) / 86400); + if ($cert['cert_chain']) { + if (!openssl_x509_check_private_key(base64_decode($cert['cert_chain']), base64_decode($cert['cert_key']))) { + $_status = '<font color="#AA0000"><strong>Invalid key/cert!</strong></font>'; + } elseif ($valid < 30) { + $_status = '<font color="#B27D4B">Expires in ' . $valid . ' days!</font>'; } else { - $_status='<font color="#008800">OK ('.$valid.' days)</font>'; + $_status = '<font color="#008800">OK (' . $valid . ' days)</font>'; } - $config['installedpackages']['stunnelcerts']['config'][$i]['status']=$_status; + $config['installedpackages']['stunnelcerts']['config'][$i]['status'] = $_status; } else { unset($config['installedpackages']['stunnelcerts']['config'][$i]); } @@ -47,18 +75,19 @@ if(!isset($_GET['id']) and !isset($_POST['id']) and $num_certs) { } -$tunnels=$config['installedpackages']['stunnel']['config']; -is_array($tunnels) ? $num_tunnels=count($tunnels) : $num_tunnels=0; -if(!isset($_GET['id']) and $num_tunnels) { - for ($i=0;$i<$num_tunnels;$i++) { - $tunnel=$tunnels[$i]; - if($tunnel['certificate']) { - $certid=0; - if(is_array($config['installedpackages']['stunnelcerts']['config'])) { - foreach($config['installedpackages']['stunnelcerts']['config'] as $cert) { - if($tunnel['certificate']==$cert['filename']) +$tunnels = $config['installedpackages']['stunnel']['config']; +is_array($tunnels) ? $num_tunnels = count($tunnels) : $num_tunnels = 0; +if (!isset($_GET['id']) and $num_tunnels) { + for ($i = 0; $i < $num_tunnels; $i++) { + $tunnel = $tunnels[$i]; + if ($tunnel['certificate']) { + $certid = 0; + if (is_array($config['installedpackages']['stunnelcerts']['config'])) { + foreach ($config['installedpackages']['stunnelcerts']['config'] as $cert) { + if ($tunnel['certificate'] == $cert['filename']) { $config['installedpackages']['stunnel']['config'][$i]['certificatelink']= - '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id='.$certid.'">'.$cert['description'].'</a>'; + '<a href="/pkg_edit.php?xml=stunnel_certs.xml&act=edit&id=' . $certid . '">' . $cert['description'] . '</a>'; + } $certid++; } } @@ -67,7 +96,7 @@ if(!isset($_GET['id']) and $num_tunnels) { } function stunnel_printcsr() { -# $GLOBALS['savemsg']="<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'],true) . "</pre>"; +// $GLOBALS['savemsg'] = "<pre>" . print_r($GLOBALS['config']['installedpackages']['stunnelcerts']['config'], true) . "</pre>"; } function stunnel_addcerts($config) { @@ -75,13 +104,14 @@ function stunnel_addcerts($config) { $tunnels=$config['installedpackages']['stunnel']['config']; ?> <script type="text/javascript"> + //<![CDATA[ function addcerts() { <?php - - foreach($certs as $cert) { + + foreach ($certs as $cert) { echo("document.forms['iform'].certificate.appendChild(new Option('".$cert['description']."', '".$cert['filename']."'));"); } - + ?> } addcerts(); @@ -93,9 +123,9 @@ function stunnel_addcerts($config) { document.forms['iform'].certificate[i].selected = true; } else { document.forms['iform'].certificate[i].selected = false; - } + } } - + //]]> </script> <?php } @@ -103,105 +133,103 @@ function stunnel_addcerts($config) { function stunnel_disablefields() { ?> <script type="text/javascript"> + //<![CDATA[ document.forms['iform'].subject.readOnly=true; document.forms['iform'].filename.readOnly=true; document.forms['iform'].expiry.readOnly=true; + //]]> </script> <?php } function stunnel_delete($config) { $cert=$config['installedpackages']['stunnelcerts']['config'][$_GET['id']]; - if(isset($_GET['id'])) { - unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'pem'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'key'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$cert['filename'].'chain'); + if (isset($_GET['id'])) { + unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.pem'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.key'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $cert['filename'] . '.chain'); } } function stunnel_save($config) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = ''; conf_mount_rw(); - if (!file_exists(STUNNEL_ETCDIR)) - @mkdir(STUNNEL_ETCDIR, 0755, true); - $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); + safe_mkdir(STUNNEL_ETCDIR, 0755); + $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); - if(!is_array($config['installedpackages']['stunnel']['config'])) { $config['installedpackages']['stunnel']['config']=Array(); } - foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { + if (!is_array($config['installedpackages']['stunnel']['config'])) { + $config['installedpackages']['stunnel']['config'] = array(); + } + foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); - if($pkgconfig['client']) fwrite($fout, "client = yes" . "\n"); - if($pkgconfig['certificate']) { - if(file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and - file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) { + if ($pkgconfig['client']) { + fwrite($fout, "client = yes" . "\n"); + } + if ($pkgconfig['certificate']) { + if (file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.key') and file_exists(STUNNEL_ETCDIR . '/'.$pkgconfig['certificate'].'.chain')) { fwrite($fout, "key = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".key\n"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/" . $pkgconfig['certificate'] . ".chain\n"); } } - if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + if ($pkgconfig['sourceip']) { + fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + } fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n"); fwrite($fout, "TIMEOUTclose = 0\n\n"); } fclose($fout); conf_mount_ro(); - system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null"); - system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null"); + stop_service("stunnel"); + start_service("stunnel"); } + function stunnel_save_cert($config) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg']=''; - if(isset($_POST['id'])) { -# echo "<pre>"; -# print_r($_POST); -# echo "</pre>"; - - if(!$_POST['cert_chain']) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate chain must be specified!<br>"; - } if(!$_POST['cert_key']) { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="RSA Key must be specified!<br>"; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] = ''; + if (isset($_POST['id'])) { + if (!$_POST['cert_chain']) { + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate chain must be specified!<br />"; } - if($_POST['cert_chain'] and $_POST['cert_key']) { - $_cert=openssl_x509_parse($_POST['cert_chain']); -# echo("<pre>"); -# print_r($_cert); -# echo("</pre>"); - if($_cert['hash']) { - if(openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', - $_POST['cert_key']); - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.chain', - $_POST['cert_chain']); - file_put_contents(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', - $_POST['cert_key']."\n".$_POST['cert_chain']); + if (!$_POST['cert_key']) { + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "RSA Key must be specified!<br />"; + } + if ($_POST['cert_chain'] and $_POST['cert_key']) { + $_cert = openssl_x509_parse($_POST['cert_chain']); + if ($_cert['hash']) { + if (openssl_x509_check_private_key($_POST['cert_chain'], $_POST['cert_key'])) { + file_put_contents(STUNNEL_ETCDIR . '/'. $_cert['hash'] . '.key', $_POST['cert_key']); + file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.chain', $_POST['cert_chain']); + file_put_contents(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', $_POST['cert_key']."\n".$_POST['cert_chain']); system('chown stunnel:stunnel ' . STUNNEL_ETCDIR . '/*'); - chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.key', 0600); - chmod(STUNNEL_ETCDIR . '/'.$_cert['hash'].'.pem', 0600); + chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.key', 0600); + chmod(STUNNEL_ETCDIR . '/' . $_cert['hash'] . '.pem', 0600); - $_POST['filename']=$_cert['hash']; - $_POST['expiry_raw']=$_cert['validTo_time_t']; - $_POST['expiry']=date('Y-m-d', $_cert['validTo_time_t']); - $_POST['subject']=$_cert['name']; + $_POST['filename'] = $_cert['hash']; + $_POST['expiry_raw'] = $_cert['validTo_time_t']; + $_POST['expiry'] = date('Y-m-d', $_cert['validTo_time_t']); + $_POST['subject'] = $_cert['name']; } else { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Certificate and key do not match!<br>"; - $_POST['filename']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Certificate and key do not match!<br />"; + $_POST['filename'] = ''; } } else { - $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'].="Couldn't parse certificate!<br>"; - $_POST['expiry_raw']=''; - $_POST['expiry']=''; - $_POST['subject']=''; - $_POST['filename']=''; + $GLOBALS['config']['installedpackages']['stunnelcerts']['savemsg'] .= "Couldn't parse certificate!<br />"; + $_POST['expiry_raw'] = ''; + $_POST['expiry'] = ''; + $_POST['subject'] = ''; + $_POST['filename'] = ''; } } - $_POST['cert_key']=base64_encode($_POST['cert_key']); - $_POST['cert_chain']=base64_encode($_POST['cert_chain']); - $_fname=$GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; - if($_fname and $_fname!=$_POST['filename']) { - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.chain'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.key'); - unlink_if_exists(STUNNEL_ETCDIR . '/'.$_fname.'.pem'); + $_POST['cert_key'] = base64_encode($_POST['cert_key']); + $_POST['cert_chain'] = base64_encode($_POST['cert_chain']); + $_fname = $GLOBALS['config']['installedpackages']['stunnelcerts']['config'][$_POST['id']]['filename']; + if ($_fname and $_fname != $_POST['filename']) { + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.chain'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.key'); + unlink_if_exists(STUNNEL_ETCDIR . '/' . $_fname . '.pem'); } } } @@ -212,21 +240,23 @@ function stunnel_install() { chmod(STUNNEL_ETCDIR . "/stunnel.pem", 0600); @mkdir("/var/tmp/stunnel/var/tmp/run/stunnel", 0755, true); system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel"); - $_rcfile['file']='stunnel.sh'; - $_rcfile['start'].= STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t"; - $_rcfile['stop'].="killall stunnel \n\t"; + $_rcfile['file'] = 'stunnel.sh'; + $_rcfile['start'] = STUNNEL_LOCALBASE . "/bin/stunnel " . STUNNEL_ETCDIR . "/stunnel.conf \n\t"; + $_rcfile['stop'] = "/usr/bin/killall stunnel \n\t"; write_rcfile($_rcfile); unlink_if_exists("/usr/local/etc/rc.d/stunnel"); - - $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf","w"); + + $fout = fopen(STUNNEL_ETCDIR . "/stunnel.conf", "w"); fwrite($fout, "cert = " . STUNNEL_ETCDIR . "/stunnel.pem \n"); fwrite($fout, "chroot = /var/tmp/stunnel \n"); fwrite($fout, "setuid = stunnel \n"); fwrite($fout, "setgid = stunnel \n"); - if($config['installedpackages']['stunnel']['config']) { - foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { + if ($config['installedpackages']['stunnel']['config']) { + foreach ($config['installedpackages']['stunnel']['config'] as $pkgconfig) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); - if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + if ($pkgconfig['sourceip']) { + fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + } fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n"); fwrite($fout, "TIMEOUTclose = 0\n\n"); @@ -238,7 +268,6 @@ function stunnel_install() { function stunnel_deinstall() { rmdir_recursive("/var/tmp/stunnel"); rmdir_recursive(STUNNEL_ETCDIR); - unlink_if_exists("/usr/local/etc/rc.d/stunnel.sh"); } ?> diff --git a/config/stunnel/stunnel.xml b/config/stunnel/stunnel.xml index bb66d196..c8957ba8 100644 --- a/config/stunnel/stunnel.xml +++ b/config/stunnel/stunnel.xml @@ -1,71 +1,68 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - stunnel.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007-2008 Scott Ullrich - All rights reserved. - */ -/* ========================================================================== */ + stunnel.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007-2008 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>stunnel</name> - <version>4.18</version> + <version>5.20.2</version> <title>Services: Secure Tunnel</title> - <!-- Menu is where this packages menu will appear --> <menu> <name>STunnel</name> - <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext> + <tooltiptext>The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. + It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. + It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. + It calls the underlying crypto libraries, so stunnel supports whatever cryptographic algorithms you compiled into your crypto package.</tooltiptext> <section>Services</section> <configfile>stunnel.xml</configfile> </menu> - + <include_file>/usr/local/pkg/stunnel.inc</include_file> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/stunnel/stunnel.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/pkg/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/stunnel/stunnel_certs.xml</item> </additional_files_needed> - <!-- configpath gets expanded out automatically and config items will be - stored in that location --> <configpath>['installedpackages']['package']['$packagename']['configuration']</configpath> - <tabs> <tab> <text>Tunnels</text> @@ -77,9 +74,11 @@ <url>/pkg.php?xml=stunnel_certs.xml</url> </tab> </tabs> - - <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit - items. An example of this would be the nat page where you add new nat redirects --> + <service> + <name>stunnel</name> + <rcfile>stunnel.sh</rcfile> + <executable>stunnel</executable> + </service> <adddeleteeditpagefields> <columnitem> <fielddescr>Description</fielddescr> @@ -106,8 +105,6 @@ <fieldname>redirectport</fieldname> </columnitem> </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> <fields> <field> <fielddescr>Description</fielddescr> @@ -118,7 +115,7 @@ <field> <fielddescr>Client Mode</fielddescr> <fieldname>client</fieldname> - <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server)</description> + <description>Use client mode for this tunnel (i.e. connect to an SSL server, do not act as an SSL server).</description> <type>checkbox</type> </field> <field> @@ -128,7 +125,7 @@ <type>input</type> </field> <field> - <fielddescr>Listen on port</fielddescr> + <fielddescr>Listen on Port</fielddescr> <fieldname>localport</fieldname> <description>Enter the local port to bind this redirection to.</description> <type>input</type> @@ -156,18 +153,12 @@ <type>input</type> </field> <field> - <fielddescr>Outgoing source IP</fielddescr> + <fielddescr>Outgoing Source IP</fielddescr> <fieldname>sourceip</fieldname> <description>Enter the source IP address for outgoing connections.</description> <type>input</type> </field> </fields> - <service> - <name>stunnel</name> - <rcfile>stunnel.sh</rcfile> - <executable>stunnel</executable> - </service> - <include_file>/usr/local/pkg/stunnel.inc</include_file> <custom_add_php_command_late> stunnel_save($config); </custom_add_php_command_late> diff --git a/config/stunnel/stunnel_certs.xml b/config/stunnel/stunnel_certs.xml index 5ea07328..ce1dcf52 100644 --- a/config/stunnel/stunnel_certs.xml +++ b/config/stunnel/stunnel_certs.xml @@ -1,53 +1,51 @@ <?xml version="1.0" encoding="utf-8" ?> -<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> -<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> +<![CDATA[ /* $Id$ */ -/* ========================================================================== */ +/* ====================================================================================== */ /* - stunnel.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2007-2009 Scott Ullrich - All rights reserved. - */ -/* ========================================================================== */ + stunnel_certs.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2007-2009 Scott Ullrich + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ - ]]> - </copyright> - <description>Stunnel certificates</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ + ]]> + </copyright> <name>stunnelcerts</name> - <version>4.18</version> + <version>5.20.2</version> <title>Services: Secure Tunnel - Certificates</title> - <!-- configpath gets expanded out automatically and config items will be - stored in that location --> + <include_file>/usr/local/pkg/stunnel.inc</include_file> <configpath>['installedpackages']['package']['$packagename']['configuration']</configpath> - <tabs> <tab> <text>Tunnels</text> @@ -59,9 +57,6 @@ <active/> </tab> </tabs> - - <!-- adddeleteeditpagefields items will appear on the first page where you can add / delete or edit - items. An example of this would be the nat page where you add new nat redirects --> <adddeleteeditpagefields> <columnitem> <fielddescr>Description</fielddescr> @@ -79,55 +74,59 @@ <fielddescr>Status</fielddescr> <fieldname>status</fieldname> </columnitem> - </adddeleteeditpagefields> - <!-- fields gets invoked when the user adds or edits a item. the following items - will be parsed and rendered for the user as a gui with input, and selectboxes. --> <fields> <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description>Enter a (short) description for this certificate</description> + <description>Enter a (short) description for this certificate.</description> <type>input</type> </field> <field> - <fielddescr>Certificate filename</fielddescr> + <fielddescr>Certificate Filename</fielddescr> <fieldname>filename</fieldname> <description>File name of certificate (read-only; updated on save). Extensions (.pem, .chain, .key) are added automatically.</description> <type>input</type> </field> <field> - <fielddescr>Certificate subject</fielddescr> + <fielddescr>Certificate Subject</fielddescr> <fieldname>subject</fieldname> <description>Certificate subject (read-only; updated on save)</description> <type>input</type> <size>50</size> </field> <field> - <fielddescr>Certificate valid until</fielddescr> + <fielddescr>Certificate Valid Until</fielddescr> <fieldname>expiry</fieldname> <description>The certificate will expire on this date, and will no longer work.</description> <type>input</type> </field> <field> - <fielddescr>RSA private key</fielddescr> + <fielddescr>RSA Private Key</fielddescr> <fieldname>cert_key</fieldname> - <description>RSA private key used for certificate. Do not change for existing certificates!<br></description> + <description> + <![CDATA[ + RSA private key used for certificate. Do not change for existing certificates!<br /> + ]]> + </description> <type>textarea</type> <rows>7</rows> - <cols>65</cols> + <cols>70</cols> </field> <field> - <fielddescr>Certificate chain</fielddescr> + <fielddescr>Certificate Chain</fielddescr> <fieldname>cert_chain</fieldname> - <description>Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.<br> - <b>Full chain required for private or EV certificates!</b></description> + <description> + <![CDATA[ + Full certificate chain; root certificate on top, then any intermediates, server certificate at the end.<br /> + <strong>Full chain required for private or EV certificates!</strong> + ]]> + </description> <type>textarea</type> <rows>7</rows> - <cols>65</cols> + <cols>70</cols> </field> </fields> - <include_file>/usr/local/pkg/stunnel.inc</include_file> <custom_add_php_command> stunnel_save_cert($config); stunnel_save($config); diff --git a/config/syslog-ng/syslog-ng.inc b/config/syslog-ng/syslog-ng.inc index 57a94f96..41fce416 100644 --- a/config/syslog-ng/syslog-ng.inc +++ b/config/syslog-ng/syslog-ng.inc @@ -58,14 +58,17 @@ function syslogng_install_command() { if (!file_exists("/usr/local/lib/syslog-ng")) { @symlink(SYSLOGNG_BASEDIR . "local/lib/syslog-ng", "/usr/local/lib/syslog-ng"); } - syslogng_install_cron(true); + $crontask = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf"; + install_cron_job("${crontask}", true, "0"); syslogng_resync(); } function syslogng_deinstall_command() { - if (is_link("/usr/local/lib/syslog-ng")) + if (is_link("/usr/local/lib/syslog-ng")) { unlink("/usr/local/lib/syslog-ng"); - syslogng_install_cron(false); + } + $crontask = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf"; + install_cron_job("${crontask}", false); unlink_if_exists("/usr/local/etc/logrotate.conf"); unlink_if_exists("/usr/local/etc/syslog-ng.conf"); filter_configure(); @@ -137,62 +140,6 @@ function syslogng_validate_advanced($post, &$input_errors) { } } -function syslogng_install_cron($should_install) { - global $config; - - if (platform_booting()) { - return; - } - - if (!$config['cron']['item']) { - return; - } - - $x=0; - $rotate_job_id=-1; - $rotate_is_installed = false; - - foreach ($config['cron']['item'] as $item) { - if (strstr($item['task_name'], "syslogng_rotate_logs")) { - $rotate_job_id = $x; - } - $x++; - } - $need_write = false; - switch ($should_install) { - case true: - if ($rotate_job_id < 0) { - $cron_item = array(); - $cron_item['task_name'] = "syslogng_rotate_logs"; - $cron_item['minute'] = "0"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/bin/nice -n20 " . SYSLOGNG_BASEDIR . "local/sbin/logrotate /usr/local/etc/logrotate.conf"; - $config['cron']['item'][] = $cron_item; - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Adding syslog-ng Cron Jobs"); - } - break; - case false: - if ($rotate_job_id >= 0) { - unset($config['cron']['item'][$rotate_job_id]); - $need_write = true; - } - if ($need_write) { - parse_config(true); - write_config("Removing syslog-ng Cron Jobs"); - } - break; - } - configure_cron(); -} - function syslogng_build_default_objects($settings) { $default_objects = array(); diff --git a/config/tinc/tinc.inc b/config/tinc/tinc.inc index 65f07e32..81e506b4 100644 --- a/config/tinc/tinc.inc +++ b/config/tinc/tinc.inc @@ -159,8 +159,8 @@ function tinc_save() { if ($tincconf['enable'] != "") { restart_service("tinc"); - } elseif (is_process_running("tincd")); { - stop_service("tinc"); + } elseif (is_process_running("tincd")) { + stop_service("tinc"); } rmdir_recursive("/usr/local/etc/tinc.old"); diff --git a/config/vnstat2/vnstat2.inc b/config/vnstat2/vnstat2.inc index 86a95346..b42bc0a9 100644 --- a/config/vnstat2/vnstat2.inc +++ b/config/vnstat2/vnstat2.inc @@ -30,56 +30,13 @@ require_once("util.inc"); function vnstat_install_deinstall() { - global $config; // Remove Vnstat package and files exec("/bin/rm -d -R /usr/local/www/vnstat2"); exec("/bin/rm -d -R /usr/local/www/vnstati"); exec("/bin/rm -d -R /usr/local/pkg/vnstat2"); exec("/bin/rm /usr/local/etc/vnstat.conf"); // Remove vnstat cron entry from config.xml - vnstat2_install_cron(false); -} - -function vnstat2_install_cron($vnstat_cron_value) { - global $config; - $is_installed = false; - if (!$config['cron']['item']) { - return; - } - $x=0; - foreach ($config['cron']['item'] as $item) { - if (strstr($item['command'], "/usr/local/pkg/vnstat2/vnstat2.sh")) { - $is_installed = true; - break; - } - $x++; - } - switch ($vnstat_cron_value) { - case true: - if (!$is_installed) { - $cron_item = array(); - $cron_item['minute'] = "*/1"; - $cron_item['hour'] = "*"; - $cron_item['mday'] = "*"; - $cron_item['month'] = "*"; - $cron_item['wday'] = "*"; - $cron_item['who'] = "root"; - $cron_item['command'] = "/usr/local/pkg/vnstat2/vnstat2.sh"; - $config['cron']['item'][] = $cron_item; - write_config(); - configure_cron(); - } - break; - case false: - if ($is_installed == true) { - if ($x > 0) { - unset($config['cron']['item'][$x]); - write_config(); - } - configure_cron(); - } - break; - } + install_cron_job("/usr/local/pkg/vnstat2/vnstat2.sh", false); } function change_vnstat_conf() { @@ -226,7 +183,7 @@ function vnstat_install_config() { } write_conf_f(); // Add cron job to config.xml - vnstat2_install_cron(true); + install_cron_job("/usr/local/pkg/vnstat2/vnstat2.sh", true, "*/1"); vnstat_create_nic_dbs(); write_config(); conf_mount_ro(); diff --git a/config/widget-havp/havp_alerts.inc b/config/widget-havp/havp_alerts.inc index ecbfe897..3aeb1016 100644 --- a/config/widget-havp/havp_alerts.inc +++ b/config/widget-havp/havp_alerts.inc @@ -12,4 +12,4 @@ $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); /* AJAX related routines */ handle_havp_ajax($havp_alerts_logfile, $nentries = 5); -?>
\ No newline at end of file +?> diff --git a/config/widget-havp/havp_alerts.inc.php b/config/widget-havp/havp_alerts.inc.php index c0810b83..81be9d3b 100644 --- a/config/widget-havp/havp_alerts.inc.php +++ b/config/widget-havp/havp_alerts.inc.php @@ -1,52 +1,76 @@ -<? +<?php +/* + havp_alerts.inc.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ function get_havp_alerts($havp_alerts, $nentries, $tail = 20) { global $config, $g; $logarr = ""; /* Always do a reverse tail, to be sure we're grabbing the 'end' of the alerts. */ exec("/usr/bin/tail -r -n {$tail} {$havp_alerts}", $logarr); - + $havpalerts = array(); - $counter = 0; - + foreach ($logarr as $logent) { - if($counter >= $nentries) + if ($counter >= $nentries) { break; - + } $alert = parse_havp_alert_line($logent); if ($alert != "") { $counter++; $havpalerts[] = $alert; } - } - /* Since the rules are in reverse order, flip them around if needed based on the user's preference */ + /* Since the rules are in reverse order, flip them around if needed, based on the user's preference */ return isset($config['syslog']['reverse']) ? $havpalerts : array_reverse($havpalerts); } - - - function parse_havp_alert_line($line) { + global $g; $log_split = ""; - - preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split); - list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], - $alert['virusname']) = $log_split; + // FIXME: Obviously incomplete TLD list at the moment, plus the whole thing is completely whacky... + preg_match("/^(\d+\/\d+\/\d+)\s+(\d+:\d+:\d+)\s+(\d+.\d+.\d+.\d+)\s+\w+\s+\d+\s+(https?:\/\/([0-9a-z-]+\.)+([a-z]{2,3}|aero|coop|jobs|mobi|museum|name|travel)(:[0-9]{1,5})?(\/[^ ]*)?)\s+[0-9+]+\s+\w+\s+\w+:\s+([\S]+)$/U", $line, $log_split); + list($all, $alert['date'], $alert['time'], $alert['lanip'], $alert['url'], $alert['dontcare1'], $alert['dontcare2'], $alert['dontcare3'], $alert['query'], $alert['virusname']) = $log_split; $usableline = true; - if(trim($alert['url']) == "") + if (trim($alert['url']) == "") { $usableline = false; - if(trim($alert['virusname']) == "") + } + if (trim($alert['virusname']) == "") { $usableline = false; - - if($usableline == true) { + } + if ($usableline == true) { return $alert; } else { - if($g['debug']) { - log_error("There was a error parsing line: $line. Please report to mailing list or forum."); + if ($g['debug']) { + log_error("There was a error parsing line: $line."); } return ""; } @@ -54,32 +78,24 @@ function parse_havp_alert_line($line) { /* AJAX specific handlers */ function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) { - if($_GET['lastsawtime'] or $_POST['lastsawtime']) { - if($_GET['lastsawtime']) + if ($_GET['lastsawtime'] or $_POST['lastsawtime']) { + if ($_GET['lastsawtime']) { $lastsawtime = $_GET['lastsawtime']; - if($_POST['lastsawtime']) + } + if ($_POST['lastsawtime']) { $lastsawtime = $_POST['lastsawtime']; - /* compare lastsawrule's time stamp to alert logs. - * afterwards return the newer records so that client - * can update AJAX interface screen. - */ + } + // Compare last seen rule's time stamp with alert logs. + // Afterwards, return the newer records so that client can update AJAX interface screen. $new_rules = ""; $time_regex = ""; - + $havp_alerts = get_havp_alerts($havp_alerts_logfile, $nentries); foreach($havp_alerts as $log_row) { - preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U",$log_row['date'] , $time_regex); -# $time_regex = "";"/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])\s+([0-9][0-9]:[0-9][0-9]:[0-9][0-9])$/U" - // preg_match("/.*([0-9][0-9]:[0-9][0-9]:[0-9][0-9]).*/", $log_row['date'] . " " . $log_row['time'], $time_regex); + preg_match("/^([0-9][0-9])\/([0-9][0-9])\/([0-9][0-9][0-9][0-9])$/U", $log_row['date'], $time_regex); $row_time = strtotime($time_regex[2] . "/" . $time_regex[1] . "/" . $time_regex[3] . " " . $log_row['time']); - // $myfile = "/testfile.txt"; - // $fh = fopen($myfile,'a') or die("can't open file"); - // $stringdata = $lastsawtime . "-" . $row_time . "\n"; - // fwrite($fh, $stringdata); - // fclose($fh); - if($row_time > $lastsawtime and $lastsawtime > 0) { - + if ($row_time > $lastsawtime and $lastsawtime > 0) { $new_rules .= "{$log_row['url']}||{$log_row['virusname']}||" . time() . "||{$log_row['date']}||{$log_row['time']}||" . "\n"; } } @@ -87,4 +103,5 @@ function handle_havp_ajax($havp_alerts_logfile, $nentries = 5, $tail = 50) { exit; } } -?>
\ No newline at end of file + +?> diff --git a/config/widget-havp/havp_alerts.js b/config/widget-havp/havp_alerts.js index 110e3998..ae97ab2f 100644 --- a/config/widget-havp/havp_alerts.js +++ b/config/widget-havp/havp_alerts.js @@ -1,3 +1,31 @@ +/* + havp_alerts.js + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ havplastsawtime = '<?php echo time(); ?>'; var havplines = Array(); @@ -7,10 +35,11 @@ var havpisBusy = false; var havpisPaused = false; <?php - if(isset($config['syslog']['reverse'])) + if (isset($config['syslog']['reverse'])) { echo "var isReverse = true;\n"; - else + } else { echo "var isReverse = false;\n"; + } ?> if (typeof getURL == 'undefined') { @@ -21,13 +50,12 @@ if (typeof getURL == 'undefined') { if (typeof callback.operationComplete == 'function') callback = callback.operationComplete; } catch (e) {} - if (typeof callback != 'function') - throw 'No callback function for getURL'; + if (typeof callback != 'function') + throw 'No callback function for getURL'; var http_request = null; if (typeof XMLHttpRequest != 'undefined') { - http_request = new XMLHttpRequest(); - } - else if (typeof ActiveXObject != 'undefined') { + http_request = new XMLHttpRequest(); + } else if (typeof ActiveXObject != 'undefined') { try { http_request = new ActiveXObject('Msxml2.XMLHTTP'); } catch (e) { @@ -40,9 +68,11 @@ if (typeof getURL == 'undefined') { throw 'Both getURL and XMLHttpRequest are undefined'; http_request.onreadystatechange = function() { if (http_request.readyState == 4) { - callback( { success : true, - content : http_request.responseText, - contentType : http_request.getResponseHeader("Content-Type") } ); + callback({ + success: true, + content: http_request.responseText, + contentType: http_request.getResponseHeader("Content-Type") + }); } } http_request.open('GET', url, true); @@ -51,27 +81,28 @@ if (typeof getURL == 'undefined') { } function havp_alerts_fetch_new_rules() { - if(havpisPaused) + if (havpisPaused) return; - if(havpisBusy) + if (havpisBusy) return; havpisBusy = true; getURL('widgets/helpers/havp_alerts_helper.php?lastsawtime=' + havplastsawtime, havp_alerts_fetch_new_rules_callback); } + function havp_alerts_fetch_new_rules_callback(callback_data) { - if(havpisPaused) + if (havpisPaused) return; var data_split; var new_data_to_add = Array(); var data = callback_data.content; data_split = data.split("\n"); - for(var x=0; x<data_split.length-1; x++) { + for (var x = 0; x < data_split.length - 1; x++) { /* loop through rows */ row_split = data_split[x].split("||"); var line = ''; - line += '<td width="25%" class="listr">' + row_split[4] + '<br> ' + row_split[3] + '</td>'; - line += '<td width="75%" class="listr">' + row_split[0] + '<br>' + row_split[1] + '</td>'; + line += '<td width="25%" class="listr">' + row_split[4] + '<br/> ' + row_split[3] + '</td>'; + line += '<td width="75%" class="listr">' + row_split[0] + '<br/>' + row_split[1] + '</td>'; havplastsawtime = row_split[2]; new_data_to_add[new_data_to_add.length] = line; } @@ -79,11 +110,10 @@ function havp_alerts_fetch_new_rules_callback(callback_data) { havpisBusy = false; } - function havp_alerts_update_div_rows(data) { - if(havpisPaused) + if (havpisPaused) return; - + var isIE = navigator.appName.indexOf('Microsoft') != -1; var isSafari = navigator.userAgent.indexOf('Safari') != -1; var isOpera = navigator.userAgent.indexOf('Opera') != -1; @@ -94,51 +124,44 @@ function havp_alerts_update_div_rows(data) { showanim = 0; } //alert(data.length); - for(var x=0; x<data.length; x++) { + for (var x = 0; x < data.length; x++) { var numrows = rows.length; - /* if reverse logging is enabled we need to show the - * records in a reverse order with new items appearing - * on the top - */ - if(isReverse == false) { + // If reverse logging is enabled we need to show the records + // in a reverse order with new items appearing on the top. + if (isReverse == false) { for (var i = 1; i < numrows; i++) { nextrecord = i + 1; - if(nextrecord < numrows) + if (nextrecord < numrows) rows[i].innerHTML = rows[nextrecord].innerHTML; } } else { for (var i = numrows; i > 0; i--) { nextrecord = i + 1; - if(nextrecord < numrows) + if (nextrecord < numrows) rows[nextrecord].innerHTML = rows[i].innerHTML; } } var item = document.getElementById('havp-firstrow'); - if(x == data.length-1) - { + if (x == data.length - 1) { /* nothing */ showanim = false; - } - else - { + } else { showanim = false; } - if (showanim) - { - // item.style.display = 'none'; + if (showanim) { + //item.style.display = 'none'; item.innerHTML = data[x]; - // new Effect.Appear(item); - } - else - { + //new Effect.Appear(item); + } else { item.innerHTML = data[x]; } } /* rechedule AJAX interval */ //havptimer = setInterval('havp_alerts_fetch_new_rules()', havpupdateDelay); } + function havp_alerts_toggle_pause() { - if(havpisPaused) { + if (havpisPaused) { havpisPaused = false; havp_alerts_fetch_new_rules(); } else { diff --git a/config/widget-havp/havp_alerts.widget.php b/config/widget-havp/havp_alerts.widget.php index f8265d11..20b53b0e 100644 --- a/config/widget-havp/havp_alerts.widget.php +++ b/config/widget-havp/havp_alerts.widget.php @@ -1,30 +1,34 @@ <?php /* - havp_alerts.widget.php - Copyright (C) 2009 Michael Liberman , Jim Pingle + havp_alerts.widget.php + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Michael Liberman + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INClUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. */ -global $config, $g; +global $config; ?> <table width="100%" border="0" cellspacing="0" cellpadding="0"> @@ -39,25 +43,27 @@ if (is_array($havp_alerts)) { foreach ($havp_alerts as $alert) { ?> <?php - if(isset($config['syslog']['reverse'])) { + if (isset($config['syslog']['reverse'])) { /* honour reverse logging setting */ - if($counter == 0) + if ($counter == 0) { $activerow = " id=\"havp-firstrow\""; - else + } else { $activerow = ""; + } } else { /* non-reverse logging */ - if($counter == count($havp_alerts) - 1) + if ($counter == count($havp_alerts) - 1) { $activerow = " id=\"havp-firstrow\""; - else + } else { $activerow = ""; + } } ?> <tr class="havp-alert-entry" <?php echo $activerow; ?>> - <td width="25%" class="listr"><?= $alert["time"] . "<br>" . $alert["date"]?></td> - <td width="75%" class="listr"><?= $alert["url"] . "<br>" . $alert["virusname"] ?></td> + <td width="25%" class="listr"><?= $alert["time"] . "<br/>" . $alert["date"]?></td> + <td width="75%" class="listr"><?= $alert["url"] . "<br/>" . $alert["virusname"] ?></td> </tr> <?php $counter++; } diff --git a/config/widget-havp/widget-havp.inc b/config/widget-havp/widget-havp.inc deleted file mode 100644 index 61713f24..00000000 --- a/config/widget-havp/widget-havp.inc +++ /dev/null @@ -1,11 +0,0 @@ -<?php - -function widget_havp_uninstall() { - unlink("/usr/local/www/includes/havp_alerts.inc.php"); - unlink("/usr/local/www/widgets/helpers/havp_alerts_helper.php"); - unlink("/usr/local/www/widgets/include/havp_alerts.inc"); - unlink("/usr/local/www/widgets/javascript/havp_alerts.js"); - unlink("/usr/local/www/widgets/widgets/havp_alerts.widget.php"); -} - -?>
\ No newline at end of file diff --git a/config/widget-havp/widget-havp.xml b/config/widget-havp/widget-havp.xml index f99d99de..dc405119 100644 --- a/config/widget-havp/widget-havp.xml +++ b/config/widget-havp/widget-havp.xml @@ -4,82 +4,66 @@ <packagegui> <copyright> <![CDATA[ -/* $Id$ */ -/* ========================================================================== */ +/* $Id$ */ +/* ====================================================================================== */ /* - widget-havp.xml - part of pfSense (http://www.pfSense.com) - Copyright (C) 2009 Jim Pingle - All rights reserved. - - Based on m0n0wall (http://m0n0.ch/wall) - Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. - All rights reserved. - */ -/* ========================================================================== */ + widget-havp.xml + part of pfSense (https://www.pfSense.org/) + Copyright (C) 2009 Jim Pingle + Copyright (C) 2015 ESF, LLC + All rights reserved. +*/ +/* ====================================================================================== */ /* - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. - 1. Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, - OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - */ -/* ========================================================================== */ + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. +*/ +/* ====================================================================================== */ ]]> </copyright> <description>HAVP alerts widget add-on for Dashboard package</description> <requirements>Dashboard package and HAVP</requirements> - <faq>Currently there are no FAQ items provided.</faq> <name>widget-havp</name> - <version>0.1</version> + <version>0.1.1</version> <title>Widget - HAVP</title> - <include_file>/usr/local/pkg/widget-havp.inc</include_file> - <additional_files_needed> - <prefix>/usr/local/pkg/</prefix> - <chmod>077</chmod> - <item>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.inc</item> - </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/includes/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/helpers/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts_helper.php</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/include/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.inc</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/javascript/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.js</item> </additional_files_needed> <additional_files_needed> <prefix>/usr/local/www/widgets/widgets/</prefix> - <chmod>0644</chmod> <item>https://packages.pfsense.org/packages/config/widget-havp/havp_alerts.widget.php</item> </additional_files_needed> - <custom_php_deinstall_command> - widget_havp_uninstall(); - </custom_php_deinstall_command> </packagegui> diff --git a/pkg_config.10.xml b/pkg_config.10.xml index 95e80268..377ce6b1 100644 --- a/pkg_config.10.xml +++ b/pkg_config.10.xml @@ -117,7 +117,7 @@ <category>Firewall</category> <pkginfolink>https://forum.pfsense.org/index.php?topic=86212.0</pkginfolink> <config_file>https://packages.pfsense.org/packages/config/pfblockerng/pfblockerng.xml</config_file> - <version>1.09</version> + <version>1.10</version> <status>Stable</status> <required_version>2.2</required_version> <maintainer>BBCan177@gmail.com</maintainer> @@ -143,7 +143,7 @@ </descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>0.29</version> + <version>0.30</version> <status>Release</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy1_5/haproxy.xml</config_file> @@ -171,7 +171,7 @@ </descr> <website>http://haproxy.1wt.eu/</website> <category>Services</category> - <version>0.29</version> + <version>0.30</version> <status>Release</status> <required_version>2.2</required_version> <config_file>https://packages.pfsense.org/packages/config/haproxy-devel/haproxy.xml</config_file> @@ -566,7 +566,7 @@ <build_pbi> <port>net/openbgpd</port> </build_pbi> - <version>0.9.3.5</version> + <version>0.9.3.6</version> <status>STABLE</status> <pkginfolink>https://doc.pfsense.org/index.php/OpenBGPD_package</pkginfolink> <required_version>2.2</required_version> @@ -606,7 +606,7 @@ <config_file>https://packages.pfsense.org/packages/config/sarg/sarg.xml</config_file> <pkginfolink>https://forum.pfsense.org/index.php/topic,47765.0.html</pkginfolink> <depends_on_package_pbi>sarg-2.3.9-##ARCH##.pbi</depends_on_package_pbi> - <version>0.6.4</version> + <version>0.6.5</version> <status>Release</status> <required_version>2.2</required_version> <port_category>www</port_category> @@ -688,7 +688,7 @@ <build_pbi> <port>net/vnstat</port> </build_pbi> - <version>1.12.6</version> + <version>1.12.7</version> <status>Stable</status> <required_version>2.2</required_version> <maintainer>crazypark2@yahoo.dk</maintainer> @@ -929,7 +929,7 @@ <website>http://bandwidthd.sourceforge.net/</website> <descr>BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.</descr> <category>System</category> - <version>0.6.1</version> + <version>0.6.2</version> <status>BETA</status> <required_version>2.2</required_version> <depends_on_package_pbi>bandwidthd-2.0.1_6-##ARCH##.pbi</depends_on_package_pbi> @@ -951,7 +951,7 @@ <descr>SSL encryption wrapper between remote client and local or remote servers.</descr> <category>Network Management</category> <depends_on_package_pbi>stunnel-5.20-##ARCH##.pbi</depends_on_package_pbi> - <version>5.20.1</version> + <version>5.20.2</version> <status>Stable</status> <pkginfolink>https://doc.pfsense.org/index.php/Stunnel_package</pkginfolink> <required_version>2.2</required_version> @@ -1025,7 +1025,7 @@ <descr>High performance web proxy cache.</descr> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>2.7.9 pkg v.4.3.6</version> + <version>4.3.7</version> <status>Stable</status> <required_version>2.2</required_version> <maintainer>fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1052,7 +1052,7 @@ <pkginfolink>https://forum.pfsense.org/index.php/topic,48347.0.html</pkginfolink> <website>http://www.squid-cache.org/</website> <category>Network</category> - <version>0.2.9</version> + <version>0.3.0</version> <status>beta</status> <required_version>2.2</required_version> <maintainer>marcellocoutinho@gmail.com fernando@netfilter.com.br seth.mos@dds.nl mfuchs77@googlemail.com jimp@pfsense.org</maintainer> @@ -1140,7 +1140,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>dv_serg@mail.ru</maintainer> <category>Network Management</category> - <version>1.9.14</version> + <version>1.9.15</version> <status>Beta</status> <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-1.4_7-##ARCH##.pbi</depends_on_package_pbi> @@ -1160,7 +1160,7 @@ <website>http://www.squidGuard.org/</website> <maintainer>gugabsd@mundounix.com.br</maintainer> <category>Network Management</category> - <version>1.5_1beta pkg v.1.5.6</version> + <version>1.5.7</version> <status>Beta</status> <required_version>2.2</required_version> <depends_on_package_pbi>squidguard-devel-1.5_1-##ARCH##.pbi</depends_on_package_pbi> @@ -1246,7 +1246,7 @@ <descr>Dashboard widget for HAVP alerts.</descr> <category>System</category> <config_file>https://packages.pfsense.org/packages/config/widget-havp/widget-havp.xml</config_file> - <version>0.1</version> + <version>0.1.1</version> <status>BETA</status> <required_version>2.2</required_version> <configurationfile>widget-havp.xml</configurationfile> @@ -1364,7 +1364,7 @@ ]]> </descr> <maintainer>jimp@pfsense.org</maintainer> - <version>0.6.6</version> + <version>0.6.7</version> <category>Routing</category> <status>BETA</status> <depends_on_package_pbi>quagga-0.99.23.1_2-##ARCH##.pbi</depends_on_package_pbi> @@ -1477,7 +1477,7 @@ <build_pbi> <port>security/tinc</port> </build_pbi> - <version>1.2.2</version> + <version>1.2.3</version> <status>ALPHA</status> <pkginfolink>https://doc.pfsense.org/index.php/tinc_package</pkginfolink> <required_version>2.2</required_version> @@ -1495,7 +1495,7 @@ <website>http://www.balabit.com/network-security/syslog-ng/</website> <descr>Syslog-ng syslog server. This service is not intended to replace the default pfSense syslog server but rather acts as an independent syslog server.</descr> <category>Services</category> - <version>1.0.9</version> + <version>1.1</version> <status>ALPHA</status> <required_version>2.2</required_version> <depends_on_package_pbi>syslog-ng-3.6.2_3-##ARCH##.pbi</depends_on_package_pbi> |